[erlang-questions] Securely running code on an untrusted client

Roger Larsson <>
Tue Jan 8 22:24:47 CET 2008


On tisdag 08 januari 2008, tsuraan wrote:
> > You can't solve it! You must trust at least some client even use
> > SETI/Boinc redundant approach.
>
> It does depend somewhat on the problem though; some things are really
> asymmetric to calculate, and those can be easily verified.  For example, if
> you're setting up a distributed network to crack a sha1 password file, you
> could send jobs out to millions of potentially untrusted clients.  When
> they return succesful cracks, it's really easy to verify that the client is
> correct.  I'm not sure if this applies to the problem at hand, but there
> might be some asymmetry to exploit.

But the ones whose password you try to crack might add hundreds of 
clients that always return failure (and since they know what to return
they can be quite fast about it...)

So how many clients do you now have to put each work on?

/RogerL



More information about the erlang-questions mailing list