Been looking at the RC5 crack project. http://rc5.distributed.net/ has loads of flashy graphics, stats, etc. but no instructions! I've got the linux command line client, and I want to take off 16 hours at a time as I am using a dial up slip link, and it insists on taking 20 mins worth. I read the FAQ, nada. Help. Also, no source code. Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
Comme disait Adam Back (aba@dcs.ex.ac.uk):
Been looking at the RC5 crack project.
http://rc5.distributed.net/ has loads of flashy graphics, stats, etc. but no instructions!
seems they are in the final process of rewriting clients entirely, with a new protocol, etc... so they don't bother explaining how the old clients work. Still, I agree it sucks.
I've got the linux command line client, and I want to take off 16 hours at a time as I am using a dial up slip link, and it insists on taking 20 mins worth.
here is the best that I found on that subject in the rc5 list archive.. rc5.exe -l -a outland.hway.net -a2 rc5proxy.distributed.net -s -k 20 jonass@lysator.liu.se -l is logging (writes to a file) -a primary server to use -a2 secondary server -s shows status -k number of blocks to buffer local. The larger number the less you have to be online This does not hide it, but that is what I like. You start it (beeing online), wait until it got all blocks and then go offline. Later you can go online any time. It will report any blocks finished and get new ones to fill up the 20 slots buffer. Unless you use the -o option or the -z option the client will try to connect every 2 minutes after finishing the first block so be careful if you have any kind of dial-on-demand. and from strings you get Usage: %s [-m] [-n level] [-c count] [-h hours] [-a <address>] [-p <port>] <identity> doesn't say that much... but you can try the -k option to see if it works with the linux client. I don't need that as I am on-line anyway.
Also, no source code.
there have been some discussions about that on the list, they seem to fair bogus datas sent to the servers. Kind of makes sense, but they could at least release the core source without the communication protocol... F. -- Fabrice Planchon (ph) 609/258-6495 Applied Math Program, 210 Fine Hall (fax) 609/258-1735
Fabrice Planchon <fabrice@math.Princeton.EDU> writes:
Comme disait Adam Back (aba@dcs.ex.ac.uk):
Also, no source code.
there have been some discussions about that on the list, they seem to fair bogus datas sent to the servers. Kind of makes sense, but they could at least release the core source without the communication protocol...
Yes, and it's inconvenient for a number of reasons: - those running the rc5 crack don't sign their binaries (presumably because they don't use PGP, or don't know what it is or something), who knows what you're downloading, virus, disk formatter, what ever. If you had source code, you could verify it yourself at least, even if there is no signature. - This problem with taking too few keys, if you had the source, and they can't be bothered to write instructions, or even brief usage notes, you could at least figure out how to use it from the source - Having source allows more people to verify it's correctness (saving burning keys on subtly flawed code), spot bugs, etc. Also allows others to find speedups. - The point about stopping bogus keys being submitted, some validity, however. - Another reason I suspect they won't give source is that they want to conceal the key from you because they have other ideas about where the money should go than perhaps you do. (They want $1000 for themselves, and will give $8000 to project Gutenburg (boring)). - When I see people worring about concealing protocols, I get this urge to insert a tap between the client and server, and post the protocol, to remove that worry for them. Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
In <199706220814.JAA06026@server.test.net>, on 06/22/97 at 09:14 AM, Adam Back <aba@dcs.ex.ac.uk> said:
- those running the rc5 crack don't sign their binaries (presumably because they don't use PGP, or don't know what it is or something), who knows what you're downloading, virus, disk formatter, what ever. If you had source code, you could verify it yourself at least, even if there is no signature.
- This problem with taking too few keys, if you had the source, and they can't be bothered to write instructions, or even brief usage notes, you could at least figure out how to use it from the source
It's a shame that more shareware/freeware authors don't sign their code. I wrote a small Rexx script that signs all my source code, signs the binaries, creates the zip archive & signs it then creates a wrapper zip archive for the archive & the detached signature file. For C, H & CMD files you can clear sign the text files and still be able to compile them without revmoving the signatures. Example Test.C main(){ . . . } Add the following to the top and bottom of the file: */ main(){ . . . } /* Now clearsign the file. -----BEGIN PGP SIGNED MESSAGE----- */ main(){ . . . } /* -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBM6m/I49Co1n+aLhhAQGI4gQAgdJ8wU8PZezxO+DHFAzLoMmrnPoi7xBV 4YVGablxDRO16cELE8p2YVaNeZ+dOOLiZYnpZKPoPW2w8Ze7gDxAz5ODJ8ZBd+Ta x/3o3jkFGednnlJoEQcpS/R4bmoKy9hMzO7KJpXJB8YiWrbbGfiA3YidGMtYhWUf bDPiuD+rqXI= =gNYv -----END PGP SIGNATURE----- Now add the following to the top and bottom of the message: /* -----BEGIN PGP SIGNED MESSAGE----- */ main(){ . . . } /* -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBM6m/I49Co1n+aLhhAQGI4gQAgdJ8wU8PZezxO+DHFAzLoMmrnPoi7xBV 4YVGablxDRO16cELE8p2YVaNeZ+dOOLiZYnpZKPoPW2w8Ze7gDxAz5ODJ8ZBd+Ta x/3o3jkFGednnlJoEQcpS/R4bmoKy9hMzO7KJpXJB8YiWrbbGfiA3YidGMtYhWUf bDPiuD+rqXI= =gNYv -----END PGP SIGNATURE----- */ Now the PGP Signature has been commented out of the source code so it will not interfere with compiling. The end user can verify the signature without any modifications. I don't know if this will work with other languages that use different dilimiters. It all depends if you have the ability to comment out a block of text or if you need to add a dilimiter to every line. -- --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html ---------------------------------------------------------------
Fabrice Planchon <fabrice@math.Princeton.EDU> writes:
Comme disait Adam Back (aba@dcs.ex.ac.uk):
Been looking at the RC5 crack project.
http://rc5.distributed.net/ has loads of flashy graphics, stats, etc. but no instructions!
seems they are in the final process of rewriting clients entirely, with a new protocol, etc... so they don't bother explaining how the old clients work. Still, I agree it sucks.
here is the best that I found on that subject in the rc5 list archive..
rc5.exe -l -a outland.hway.net -a2 rc5proxy.distributed.net -s -k 20 jonass@lysator.liu.se
-l is logging (writes to a file) -a primary server to use -a2 secondary server -s shows status -k number of blocks to buffer local. The larger number the less you have to be online
The client I have which I downloaded yesterday complains most of those arguments are illegal. I think the DOS version and the unix versions have different usage. Ben Byer <root@bushing.plastic.crosslink.net> wrote:
You want to download the "personal proxy", perproxy. It should be available on the same ftp site as the client. The proxy will buffer the keys and the answers for you... you just run the proxy on your machine, point it at rc5proxy.distributed.net, and you point your client at localhost.
This method works, in case any others are reading and trying this under unix. It's still chewing keys this morning. Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
-----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-ascii
Been looking at the RC5 crack project.
http://rc5.distributed.net/ has loads of flashy graphics, stats, etc. but no instructions!
I've got the linux command line client, and I want to take off 16 hours at a time as I am using a dial up slip link, and it insists on taking 20 mins worth.
I read the FAQ, nada.
Help.
You want to download the "personal proxy", perproxy. It should be available on the same ftp site as the client. The proxy will buffer the keys and the answers for you... you just run the proxy on your machine, point it at rc5proxy.distributed.net, and you point your client at localhost. - -- Ben Byer root@bushing.plastic.crosslink.net I am not a bushing -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBM6xg+LD5/Q37XXHFAQHe1gL/eOl3FTU2w4yXm09/DvvhQcmUgTpz/Uvs JU5JrZZj5kgSkHNAZCxqkeN2ErOvpE9QGqxTJudX0uYvIWv6LqAVgMlVb9nxatRc y6FnO5c3ET+3bh4qQOA10Am5J9Lcjksv =l9e6 -----END PGP SIGNATURE-----
participants (4)
-
Adam Back -
Ben Byer -
Fabrice Planchon -
William H. Geiger III