[erlang-questions] Securely running code on an untrusted client
Fredrik Thulin
ft@REDACTED
Wed Jan 9 08:29:36 CET 2008
tsuraan wrote:
>> You can't solve it! You must trust at least some client even use
>> SETI/Boinc redundant approach.
>>
>
> It does depend somewhat on the problem though; some things are really
> asymmetric to calculate, and those can be easily verified. For example, if
> you're setting up a distributed network to crack a sha1 password file, you
> could send jobs out to millions of potentially untrusted clients. When they
> return succesful cracks, it's really easy to verify that the client is
> correct. I'm not sure if this applies to the problem at hand, but there
> might be some asymmetry to exploit.
The costly thing in that example is to verify the opposite of a
successful crack.
If evil-client finds the key, but lies about it and say that "the key is
NOT in the block I just checked" then all the other clients will
continue searching for the key until the end of time, without any
possibility of ever finding it.
/Fredrik
More information about the erlang-questions
mailing list