Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 02 Apr 2012 17:35:32 +0200
From: Simon Marechal <simon@...quise.net>
To: john-dev@...ts.openwall.com
Subject: Re: distributed processing with untrusted machines

On 02/04/2012 17:04, Solar Designer wrote:
> While I had these thoughts for years, I think that actually implementing
> this is still in a distant future for us (if we get there at all).  We
> need to gain built-in distributed processing first (non-MPI), and only
> then worry about enhancing it.

I am not sure the cost of implementing and using the countermeasures
will ever be worth it. You mentionned some of the problems, but there
are probably whole other classes of them. For example, some attacks are
well suited to challenges, such as the fake worker (it just sleep()s).
The cracking job configuration could be private : mangling rules,
dictionary, training results for statistical password cracking. Worse,
adding more code to interact with untrusted parties will lead to more bugs.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.