Some thoughts about the distributed crack/reward distribution thing: The "you must report results only to the crack organizers" rule can be enforced if it's made into a contract. Even without a formal contract, I think it's plausible to argue that pretending to participate in the distributed crack, *and representing that to the organizers and thereby gaining access to their private database of already-searched keyspace*, and using that information for one's own private gain, could reasonably be construed as fraud. (depending on your jurisdiction, blah blah blah. But the general pattern - knowing misrepresentation, foreseeable & intended reliance, loss to one party is gain for another - is right at the heart of common-law fraud. The "widely distributed computing" approach depends for economic viability (as opposed to being just an amusing hobby) on preserving the confidentiality of input and output datasets. This protection can be (and will be) provided by both law and technology. The technological side will likely depend on programs distributed as executables only. This implies a client-side "sandbox" environment such as Java so that the software can't get to any of the local hardware (except the processor & display). If distributed crack organizers can be confident that they'll be able to reap the benefits of their organizing, they can offer payments to unsuccessful participants. This approach (tiny payments for idle cycles) scales better to real-world distributed computing problems than the all-or-nothing $10K approach. Because of the need for confidentiality, real-world distributed computing problems are unlikely to give participants a chance at a "big win" if they cheat somehow. (For example, assume Eve intercepts some ciphertext, and she knows enough about the structure of it that she can predict some of its contents (like message headers, or TCP/IP headers) - she will ask for keys which decrypt [a tiny piece of] the headers, and save the juicy data for herself. A cheating participant in the distributed crack gains very little by keeping the winning result to him/herself, unless she knows more about the context of Eve's interception.) I'm suspicious of the idea that a lot of people are going to meaningfully participate in the crack because they've got a "chance" to win $10K; assuming a wide distribution of client software, the chances that any particular client will hit the key is unlikely to be better than 1 in 10,000 or so (and my hunch is it's more like 1 in 100,000) .. which means that the "chance" is worth somewhere between $1 and $.10. Personally, I'd be more motivated by the idea that the crack might help kill stupid export control laws. Then again, I'm one of those people who won't buy lottery tickets. -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles@netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. |