[erlang-questions] Securely running code on an untrusted client

Fredrik Thulin <>
Wed Jan 9 08:29:36 CET 2008


tsuraan wrote:
>> You can't solve it! You must trust at least some client even use
>> SETI/Boinc redundant approach.
>>
> 
> It does depend somewhat on the problem though; some things are really
> asymmetric to calculate, and those can be easily verified.  For example, if
> you're setting up a distributed network to crack a sha1 password file, you
> could send jobs out to millions of potentially untrusted clients.  When they
> return succesful cracks, it's really easy to verify that the client is
> correct.  I'm not sure if this applies to the problem at hand, but there
> might be some asymmetry to exploit.

The costly thing in that example is to verify the opposite of a 
successful crack.

If evil-client finds the key, but lies about it and say that "the key is 
NOT in the block I just checked" then all the other clients will 
continue searching for the key until the end of time, without any 
possibility of ever finding it.

/Fredrik



More information about the erlang-questions mailing list