[QUOTE=chalsall;410790]...which, if the claim is correct, is an extremely poor implementation of TF'ing. And yet, interestingly, the empirical evidence provided by Madpoo says that this "talks" to its Command and Control (C&C) constantly via an encrypted channel; and not even to a registered domain.

Those doing the shortest possible TF'ing in "just in time" mode through GPU72 only "talk" to the server a dozen times or so an hour (less than a hundred bytes per "chat"); and they have (I think) three or four reasonably high-end GPUs on the job.

Clearly, several things just don't add up. It will be interesting to see if "CEMPLLA Author" (do we actually yet know his real name) will ever come back to explain himself. I bet a dollar no.[/QUOTE]

Now that I have more time today I'm going to profile what MPCG is doing in more detail. Running it along with Process Monitor to see what it's doing on the system, see if it's doing anything weird. Plus I should pull up the net trace I saved since I forgot to see the size of the data being transferred. I was curious if it was a bunch of small transfers or if it was moving more data than seemed reasonable for it's stated purpose.

[QUOTE=Madpoo;410797]Now that I have more time today I'm going to profile what MPCG is doing in more detail. Running it along with Process Monitor to see what it's doing on the system, see if it's doing anything weird. Plus I should pull up the net trace I saved since I forgot to see the size of the data being transferred. I was curious if it was a bunch of small transfers or if it was moving more data than seemed reasonable for it's stated purpose.[/QUOTE]

Well, I did some additional profiling just now. I have a few revisions:
1) It doesn't actually do a lot of net traffic. This time around I let it run for over 10 minutes compared to the < 1 minute previously. It does have traffic at the beginning and when you exit, but in the 10 minutes I had it running, it didn't do any jabbering between start and exit. My sample size was just too small previously.

2) As near as I could tell, it didn't seem to do anything weird during installation or while the program was running. Like I said, net traffic seemed to be solely pointed at that sftp.4shared.com address. The system activity during installation did a bunch of stuff that might seem weird to someone who has never seen a program get installed. Various installers do odd things, touching files and registry entries that would and probably should raise some eyebrows, but a generic installer will read all kinds of things to handle any number of options, which most programs never use. During the MPCG execution, it seemed to limit itself to normal things as well... didn't seem to be scanning my PC or anything that would raise a red flag.

3) This time around I picked the 100M digit (I chose 1B digit last time). The # it gave me to factor was [URL="http://www.mersenne.org/M332290339"]332290339[/URL] which is unfortunate because GIMPS has already TF'd that to 76 bits. Making this work assignment totally useless (didn't he say it only did up to 64 bit or something?)

I still have no more insight onto the what it's sending back/forth over SSH / SFTP.

Right now, based on what I've seen with MPCG at any rate, my baloney detector level is down from "11" to a more reasonable 2 or 3. In the sense that I don't think this is some weird type of trojan or something.

The takeaway: I just think it's probably really bad (inefficient) at what it's supposed to do.

[QUOTE=Madpoo;410802]Well, I did some additional profiling just now. I have a few revisions:
1) It doesn't actually do a lot of net traffic. This time around I let it run for over 10 minutes compared to the < 1 minute previously. It does have traffic at the beginning and when you exit, but in the 10 minutes I had it running, it didn't do any jabbering between start and exit. My sample size was just too small previously.

2) As near as I could tell, it didn't seem to do anything weird during installation or while the program was running. Like I said, net traffic seemed to be solely pointed at that sftp.4shared.com address. The system activity during installation did a bunch of stuff that might seem weird to someone who has never seen a program get installed. Various installers do odd things, touching files and registry entries that would and probably should raise some eyebrows, but a generic installer will read all kinds of things to handle any number of options, which most programs never use. During the MPCG execution, it seemed to limit itself to normal things as well... didn't seem to be scanning my PC or anything that would raise a red flag.

3) This time around I picked the 100M digit (I chose 1B digit last time). The # it gave me to factor was [URL="http://www.mersenne.org/M332290339"]332290339[/URL] which is unfortunate because GIMPS has already TF'd that to 76 bits. Making this work assignment totally useless (didn't he say it only did up to 64 bit or something?)

I still have no more insight onto the what it's sending back/forth over SSH / SFTP.

Right now, based on what I've seen with MPCG at any rate, my baloney detector level is down from "11" to a more reasonable 2 or 3. In the sense that I don't think this is some weird type of trojan or something.

The takeaway: I just think it's probably really bad (inefficient) at what it's supposed to do.[/QUOTE]

I looked at task manager after closing my browser and MPCG downloading every so often I'm not sure if it's downloading what the candidates are in full form and just updating the graphic interface or what. yeah I think it's just inefficiently doing things.

[QUOTE=Madpoo;410802]I still have no more insight onto the what it's sending back/forth over SSH / SFTP.[/QUOTE]

You could break out Wireshark and see if the traffic is actual SSH.

If it is SSH, it may not verify the server key and connect blindly. You could run your own SSH server along with a spoofed hosts file and see what it does.

[QUOTE=Madpoo;410802]3) This time around I picked the 100M digit (I chose 1B digit last time). The # it gave me to factor was [URL="http://www.mersenne.org/M332290339"]332290339[/URL] which is unfortunate because GIMPS has already TF'd that to 76 bits. Making this work assignment totally useless (didn't he say it only did up to 64 bit or something?)[/QUOTE]
Of the 25,144 exponents with known factors there are 34,492 known factors (in the range from 332192831 to 332999981): the average factor is 46.7 bits long.
Prime95 makes its first screen update at 50 (I think it does not stop for found factors before then either). 60.9% of the exponents in the rang have already been factored out.
23,162 of the factors are 64 bits and below, 1837 are above. That is a lot of hard LL's to run needlessly.


Maybe we will get an update this weekend from the author.

[QUOTE=Mark Rose;410805]You could break out Wireshark and see if the traffic is actual SSH.

If it is SSH, it may not verify the server key and connect blindly. You could run your own SSH server along with a spoofed hosts file and see what it does.[/QUOTE]

Wireshark is what I was using. Good idea about redirecting sftp.4shared.com to myself. I have an SFTP server running in my environment already so it would be trivial... then if it's ignoring the server key like you said, I'd at least be able to see it's connection info.

To the OP: See, this is the kind of stuff you can expect when you don't make the code open source. Inquiring minds will do what they can to reverse engineer... and we haven't even talked about looking at the executables themselves.

[QUOTE=Madpoo;410815]Wireshark is what I was using. Good idea about redirecting sftp.4shared.com to myself. I have an SFTP server running in my environment already so it would be trivial... then if it's ignoring the server key like you said, I'd at least be able to see it's connection info.

To the OP: See, this is the kind of stuff you can expect when you don't make the code open source. Inquiring minds will do what they can to reverse engineer... and we haven't even talked about looking at the executables themselves.[/QUOTE]

I spoofed it to my own SSH server via a hosts entry. It checks the server certificate apparently.

All I could tell from my server is that it sends a client string of: "SSH-2.0-PuTTY_Release_0.63". It gives you some possible reasons why it couldn't connect, like firewall on the SFTP port (22) or not running as an admin, etc.

Again to the OP, if you're using open source code in your non-open source program, you might want to make sure you're checking the various licensing arrangements. Your goal is to rake in the big money by finding a large prime, but you're probably not interested in losing all of that in legal fees. :smile:

In the case of PuTTY, all he asks for is:
[QUOTE]Also, apart from having to maintain the copyright notice and the licence text in derivative products, anybody (even companies) can adapt the PuTTY source code into their own programs and products (even commercial products) and owe nothing to me or anybody else.[/QUOTE]

Maybe you already have included any notices and the required license info somewhere in the "documentation", but the documentation (for lack of a better word) was so spread out and only available in the installation program that I didn't go through all of it.

EDIT: Oh, and some encryption software isn't allowed in some foreign countries. If you're in the US you should be concerned about including this and have something in place to restrict downloads from certain countries. I know, it's stupid because people can get this stuff anyway, but whatever, it's US law.

[QUOTE=Madpoo;410816]EDIT: Oh, and some encryption software isn't allowed in some foreign countries. If you're in the US you should be concerned about including this and have something in place to restrict downloads from certain countries. I know, it's stupid because people can get this stuff anyway, but whatever, it's US law.[/QUOTE]

The best hack around that is to publish it as a book, like Phil Zimmermann did for PGP.

I don't think the fact that if you check the factor candidates for primality that you only have to test the first r to tell if r divides any of them because once k>r if it didn't divide one of the first r non filtered candidates then it divides the difference of two with k difference of r giving the same remainder edit: has been brought up. edit: when you go mad r you technically only check the first r-1 because 2*r*p+1 is 1 mod r.

[QUOTE=Mark Rose;410825]The best hack around that is to publish it as a book, like Phil Zimmermann did for PGP.[/QUOTE]

Yeah. I loved that.

While I find RMS to be a little intense, at least he understands law as well as he understands computer code. (It took me many years to understand that they are actually one and the same, but written in different languages.)

[QUOTE=chalsall;410867]Yeah. I loved that.

While I find RMS to be a little intense, at least he understands law as well as he understands computer code. (It took me many years to understand that they are actually one and the same, but written in different languages.)[/QUOTE]I was one of the European team which corrected the scanned pages. I returned the printed version after finishing; sometimes I wish I'd kept them as a souvenir.