Economic Model for Key Cracking
So far, list members have mostly presented two points of view on the economics of key cracking: o It's free, since it uses spare CPU cycles o It should be priced at the cost of the dedicated computer hardware needed to do it. Both of these approaches are wrong. The first approach fails because it doesn't scale -- there probably aren't enough people willing to crack lots of keys purely for the research interest, hack value, or the goodness of their heart. At the same time, many people and companies have lots of unused CPU time on their hands. Economically, this CPU time is scrap material -- and there are companies out there that do nothing but buy up scrap equipment for pennies on the dollar. Therefore it should be possible to create a market in spare CPU cycles for tasks like this that require massive parallel computing. An earlier suggestion for bounties on keys (basically the Chinese lottery approach) is a step in this direction. I'd also like to point out that a hacker who can sniff out SSL-encrypted packets on a hacked network is going to be vastly harder to catch than someone who trolls through his or her physical community dumpster diving and bribing clerks. The ability to anonymously gather and decrypt credit card numbers has a vastly lower "cost" in terms of likelyhood of prosecution. If it drops down to under $100 per key, it's probably at a good break-even point to do it wholesale. Certainly the out-of-pocket cost of cracking a 40-bit SSL key is less than that right now for a great many people, even without creating a market.
Douglas Barnes wrote:
At the same time, many people and companies have lots of unused CPU time on their hands. Economically, this CPU time is scrap material -- and there are companies out there that do nothing but buy up scrap equipment for pennies on the dollar.
Therefore it should be possible to create a market in spare CPU cycles for tasks like this that require massive parallel computing. An earlier suggestion for bounties on keys (basically the Chinese lottery approach) is a step in this direction.
One can set up a workload distributor this way: Distribute work when a request is received. When the final results come back, pay the worker e-cash. We need to make sure that someone did do the work honestly, but I don't know how to check this (other than doing the work yourself to confirm the results, but this defeats the whole point of the system). Perhaps we should require that people buy the work first, and when they report the results, they get the money back + some profits. Assuming everyone is honest, I am sure many people in businesses wouldn't mind making money this way. Most business machines are completely idle/turned off after working hours anyway. Now we just need to convince the business people to help us. Not everyone is honest, and so this may be a bit difficult to do. If I were a business person without much computer knowledge, I probably wouldn't trust someone running programs on my computer. What if the program scans all my business secrets and distributes them world-wide, or what if the program is some sort of a virus? I could get some computer consultants to check the program's source code, but this would be too much trouble. Anyway, I think this would be the attitude of an average business person. Therefore, it will not be very easy to convince a lot of people to donate their spare cycles. Howard -- Howard Cheng e-mail: hcheng@gpu.srv.ualberta.ca University of Alberta howard@cs.ualberta.ca 3rd year Honors Comp. Sci. URL : http://ugweb.cs.ualberta.ca/~hcheng Finger hcheng@amisk.cs.ualberta.ca for PGP public key. Algebraic symbols are used when you do not know what you are talking about.
Didn't Ross Perot make his fortune by running data processing tasks nights and weekends on machines he leased to other people (all legal)? A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | mfroomki@umiami.ir.miami.edu U. Miami School of Law | P.O. Box 248087 | It's hot here. And humid. Coral Gables, FL 33124 USA | See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html and http://www.law.cornell.edu/jol/froomkin.htm
participants (3)
-
cman@communities.com -
Howard Cheng -
Michael Froomkin