mersenneforum.org  

Go Back   mersenneforum.org > Great Internet Mersenne Prime Search > PrimeNet

Reply
 
Thread Tools
Old 2005-06-07, 19:48   #1
Damian
 
Damian's Avatar
 
May 2005
Argentina

2·3·31 Posts
Default PrimeNet Security

I have some questions regarding GIMPS security.
Is the connection between my computer and Primenet encrypted? If not, what prevents someone else sending a double checking with the same residue on the same number without actually checking it?
The other question is what is the purpose of a user password if the browser doesn't encrypt it when I check my statistics...
As I don't mind if anyone else reads my statistics I would like to delete my password, does anyone know how I can do that?.
Damian is offline   Reply With Quote
Old 2005-06-07, 20:02   #2
moo
 
moo's Avatar
 
Jul 2004
Nowhere

809 Posts
Default

needs to be changed in primenet hopefully when v5 comes along....
moo is offline   Reply With Quote
Old 2005-06-08, 01:01   #3
chee(s)ehead
 

211C16 Posts
Default

Quote:
Originally Posted by Damian
Is the connection between my computer and Primenet encrypted?
No

Quote:
what prevents someone else sending a double checking with the same residue on the same number without actually checking it?
Lack of incentive -- there's not much of value to steal/hack/forge/vandalize in GIMPS.

One could gain undeserved credit to move up on the Top Producers list, but a rapid rise could provoke close scrutiny by other GIMPSters.

One could "sabotage" GIMPS LL double-check results with a false confirmation, but if it's just another of the 99.999% of DCs that confirm compositeness, what difference will that make? That exponent was already reported to be composite and will probably get factored sometime in the future anyway.

A fake DC report with a nonzero residue that doesn't match the original residue will just provoke a prompt triple-check. (And, of course, submitting a false DC residue of zero will instantly attract high-powered attention and exposure -- we already saw that happen when a false zero residue was _un_intentionally reported!)

Suppose an undetected hardware/software error resulted in an erroneous nonzero residue in the original sincere LL, then someone fakes a matching DC with the same erroneous residue? Well ... hmmm .. I guess someday someone will do a correct triple-check and discover the error ... but anyway this could be an actual problem scenario, and it could even conceiveably (at long odds) hide a real Mersenne prime for a long time.

Richard "cheesehead" Woods (on vacation)
  Reply With Quote
Old 2005-06-09, 18:19   #4
Damian
 
Damian's Avatar
 
May 2005
Argentina

BA16 Posts
Default Ok

And with respect with the password, what's the purpose of the User/Team password?
As far as i know, in a User account anyone accessing his account could stole his credits by changing his name, or merging it with another account. Or I am wrong
That's not tha case in a Team account because the Team name can't be changed that easily (has to email primenet first)
So in the Team case I don't see the point of having a password at all, so anyone can join to the team simply by using the Team name.
Damian is offline   Reply With Quote
Old 2005-06-10, 05:16   #5
cheesehead
 
cheesehead's Avatar
 
"Richard B. Woods"
Aug 2002
Wisconsin USA

22×3×641 Posts
Default

Quote:
Originally Posted by chee(s)ehead
Suppose an undetected hardware/software error resulted in an erroneous nonzero residue in the original sincere LL, then someone fakes a matching DC with the same erroneous residue?
But I forgot: since the last two hex digits of residues are hidden in all reports, trying to fake a matching DC with the same residue (correct or not) as the original LL would have only a 1/256 chance of actually matching the first residue (unless the faker were the same person as the first-time tester, or had access to the first-time tester's data, etc.). So this scenario is at even longer odds than I thought earlier.

Richard "cheesehead" Woods (on vacation)
cheesehead is offline   Reply With Quote
Old 2005-06-10, 06:39   #6
garo
 
garo's Avatar
 
Aug 2002
Termonfeckin, IE

275510 Posts
Default

Yes, but if someone has access to your network traffic they can see those hidden digits as well.
garo is offline   Reply With Quote
Old 2005-06-10, 13:39   #7
Damian
 
Damian's Avatar
 
May 2005
Argentina

2×3×31 Posts
Default You are right

I thought that the redundant bits send to the server (against mail errors) served also for this purpose. Maybe as some kind of hash or signed as with in public key criptography, and not only as CRC. Isn't that the case?

Quote:
Originally Posted by garo
Yes, but if someone has access to your network traffic they can see those hidden digits as well.
Damian is offline   Reply With Quote
Old 2005-06-21, 12:46   #8
garo
 
garo's Avatar
 
Aug 2002
Termonfeckin, IE

53038 Posts
Default

As far as I can remember the message is sent as binary so it is not as bad as clear text. But a determined hacker could find the hidden digits. I don't think there is any encryption, only CRC.
garo is offline   Reply With Quote
Reply

Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unclear Security Nick Soap Box 180 2020-06-28 22:04
Water security Nick Soap Box 66 2018-08-03 17:16
security of the webpage? Unregistered Information & Answers 4 2013-02-08 04:42
Key fob security. Xyzzy Science & Technology 13 2007-03-09 02:39
A security puzzle T.Rex Puzzles 12 2007-02-11 11:54

All times are UTC. The time now is 21:15.

Fri Sep 18 21:15:51 UTC 2020 up 8 days, 18:26, 1 user, load averages: 1.34, 1.65, 1.72

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.