Re: Where is the key cracking farming software?
Dan Bailey <dan@milliways.org> writes on cpunks:
There must be several versions of the code at this point. The Cypherpunks release, Damien's release and whoever else wrote some code to do the chore. If someone could pass me a pointer to the version that's best-commented and most understandable (one man's C is another man's crypto) I'd like to port it to Windows NT and write a simple installation to install it as a service.
Yep there's lots of versions of the brutessl software, ones I know of (in no particular order): - Damien Doligez wrote one - Andrew Roos wrote on (this is the one we're using for the challenge) - Eric Young wrote one - I wrote one More related softwares, specifications etc. - Piete Brookes, Andy Brown, and I wrote a protocol specification for a SMTP style key doler - SKSP (Simple Key Search Protocol) - draft RFC like document on brute (www url below). - Piete wrote a unix socket based key server and client for generic unix machines (in perl). - Andy Brown wrote a Windows NT client which talks the same protocol - David Byers did a MasPar port of the brutessl code
Perhaps a general-purpose OO bruteforcing library (addition to Crypto++?) would be a good idea. Just pass a pointers to the encrypt() and decrypt() functions to use for this session to the Cracker object, which in turn takes a number of bits and starts cracking.:)
The socket based key distributer allows you to write clients which interact with the key server. Take a look at Andy's code.
The problem with this is the disparity among out-of-the-box encrypt and decrypt functions. But I suppose it's nothing that couldn't be overcome with wrapper functions. Just thinking out loud. :)
Not sure how Andy addresses this in the NT code (I don't have NT), but for the unix client you'd just get another brute force program, compile it and update the client. Piete has a WWW URL for the software (the protocol spec is there too) at: http://www.brute.cl.cam.ac.uk/brute/ (Brute is a subsubdomain he set up for the purpose). Also this: ftp://ftp.brute.cl.cam.ac.uk/pub/brute/ should work. And the socket server runs on: sksp.brute.cl.cam.ac.uk (port 19957). I think we're ready to start another challenge, this one a collaborative project like the brute rc4 one. Just need some challenges now (asked Hal about this). Adam
| Yep there's lots of versions of the brutessl software, ones I know of | (in no particular order): | | - Damien Doligez wrote one | - Andrew Roos wrote on (this is the one we're using for the challenge) | - Eric Young wrote one | - I wrote one | I think we're ready to start another challenge, this one a | collaborative project like the brute rc4 one. Just need some | challenges now (asked Hal about this). I think it is time this kind of software is outlawed! I mean, it is a criminal instrument, and the only good it does is to embarrase good old well-meaning companies trying to make a profit. Besides, the customers should know better than to buy stuff over the net! And Netscape said AS IS all the time, didn't they? (Just joking! :-)) But seriously, I wonder how long it will take before bruteXXX programs will be classified as "criminal instruments"? As well as real good random generators, I guess? (I don't think they will outlaw the XOR op, so to get rid of one-time-pads they have to go for the random gen...) /Christian
-----BEGIN PGP SIGNED MESSAGE----- This may be more of a computer science question than a cryptography one, but it seems relevant to the current discussion: What is the current technology for running large compute-intensive jobs accross a whole lotta computers? Specifically, what's the best way to run something like a big key-cracking job on a farm of workstations? Run separate jobs on each machine that check in to a main server for new keys to crack? Or is there a better way? Also, on the note of producing a cheap parallel setup: a simple 90MHz pentium motherboard is ~$150. A cheap network card is under $50, and I'll bet it's possible to build a custom power-supply that'll juice a whole bunch of motherboards for under $200. You don't need monitors or keyboards for these machines -- just one of each to plug into the various machines to troubleshoot. Thus, the incremental cost of adding another pentium to a big cracking job is about $200 -- the startup cost is the cost of the distributed power supply, monitor, keyboard, etc. plus one server. And it's even cheaper to build this sort of setup if you go to someone who knows what s/he is doing, and can put a whole lotta CPUs onto one motherboard... The point is, that while one pentium can't do a whole lot, it's pretty cheap to build a DIY pentium "farm." And if a whole lot of people have these farms, and are willing to run distributed cracking jobs on them, computing power like that of the systems used in the RC40 crack is very easy to come by. Finally, there is a factor that hasn't been touched on much yet. Credit cards are not the crux of the problem: in the years to come, there will be more and more ways to manipulate money on the net. Charles Schwab is already working on a way to trade stocks wholesale over the net (or have they already started?), and I know of a couple other companies that have plans in the works to do the same. If it's possible for a small group to break one of *these* keys in a relatively short time (a month or two, I suppose), the money at stake could be well worth the compute time involved. - -sq -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBMDTPE1IP+Y8TPTdtAQGf3wP/f+X6nCvFqnqtdjUv4JqV3AMZVTXaf1At TCvP8DByrbRH/Yo/1PQvtOkLIcmII1meI0FQjLRsE13EL5KNZoppyAkcCTl5Rr92 bsrHZsZLI3cYry9YZP/m1XthrrZg5ppePIbfOiUzqoCYHCUvqlhJyTRl00Y4lZP4 +mLYuDh1Rps= =+Tij -----END PGP SIGNATURE-----
A couple of months back, someone (Adam Back, perhaps?) made mention of work on secure, reliable distributed computing on untrusted networks of untrusted machines. I seem to remember mention of sending out bogus computations in order to obscure the actual computation being performed. I was never able to follow the reference, since all the info available was the name of a Japanese professor, with no mention of the university or of any publications I could look up. Does this work ring a bell with anyone else? nathan
participants (4)
-
aba@dcs.exeter.ac.uk -
Christian Wettergren -
Nathan Loofbourrow -
Sam Quigley