[p2p-hackers] amicima MFP and crypto upgrades
Serguei Osokine
osokin at osokin.com
Sun Dec 18 03:17:20 UTC 2005
On Saturday, December 17, 2005 David Barrett wrote:
> For example, just the other day I was interviewing a candidate (did
> I mention we are hiring?) who aggregates poker stats on other players.
Sounds like you're finally switching your development into areas
that can actually bring heaps of money. I always thought that cheating
in poker should be more profitable than P2P content delivery - and now
your hiring approach seems to validate that. Good luck!
Best wishes -
S.Osokine.
17 Dec 2005.
-----Original Message-----
From: p2p-hackers-bounces at zgp.org [mailto:p2p-hackers-bounces at zgp.org] On Behalf Of David Barrett
Sent: Saturday, December 17, 2005 3:01 PM
To: Peer-to-peer development.
Subject: Re: [p2p-hackers] amicima MFP and crypto upgrades
On Sat, 17 Dec 2005 1:58 pm, coderman wrote:
> On 12/17/05, Matthew Kaufman <matthew at matthew.at> wrote:
>> ...
>> 2. We've significantly upgraded the "MFP defcrypto" default
>> cryptographic plug-in.
>
> i forgot to mention this previously but it is always a good idea to
> lock memory pages where key material and cipher state reside.
I'm not sure I follow how this helps: who is it protecting against? If
you don't want the user to get access to cipher info, requiring root
access isn't much of a barrier (any hacker will have root on his own
box). And one user can't access the memory of another user's
processes. I'm not disputing the technique, I just don't understand
when to apply it.
For example, just the other day I was interviewing a candidate (did I
mention we are hiring?) who aggregates poker stats on other players.
Despite all sorts of clever on-the-wire encryption, he just figured out
where all the stats are kept in plaintext in memory and tapped into
that. Doh!
Ultimately, it's never a good idea to send data to a client that you
don't want to fall into the wrong hands. Memory protection might stop a
non-root user from accessing his own memory, but this seems like a
boundary case (unless I'm misunderstanding it).
-david
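
The page-locking technique coderman mentions, as an added C example (not code from amicima MFP or from anyone in this thread): key material lives in its own anonymous mapping that is pinned with mlock() so the kernel will not write it to swap, and is wiped before release. It assumes a POSIX system with mmap() and mlock(); the keybuf_* names are hypothetical. Locking only keeps the pages out of swap; it does not stop root, or a debugger running as the same user, from reading the process's memory.

```c
#define _DEFAULT_SOURCE   /* for MAP_ANONYMOUS and madvise() on glibc */
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: a page-aligned buffer for key material. */
struct keybuf {
    unsigned char *p;   /* start of the mapping, NULL on failure */
    size_t len;         /* mapping length, a multiple of the page size */
    int locked;         /* 1 if mlock() succeeded, 0 otherwise */
};

/* Map whole pages so nothing else shares them, then pin them in RAM. */
struct keybuf keybuf_alloc(size_t want)
{
    struct keybuf kb = { NULL, 0, 0 };
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = (want + page - 1) / page * page;
    if (want == 0) return kb;
    void *m = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return kb;
    kb.p = m;
    kb.len = len;
    /* mlock() fails if RLIMIT_MEMLOCK is too low; the caller checks .locked */
    kb.locked = (mlock(m, len) == 0);
#ifdef MADV_DONTDUMP
    (void)madvise(m, len, MADV_DONTDUMP);  /* Linux: keep out of core dumps */
#endif
    return kb;
}

/* Overwrite through a volatile pointer so the stores are not optimised away. */
void keybuf_wipe(struct keybuf *kb)
{
    volatile unsigned char *v = kb->p;
    for (size_t i = 0; i < kb->len; i++)
        v[i] = 0;
}

/* Wipe first, then unlock and unmap. */
void keybuf_free(struct keybuf *kb)
{
    if (kb->p == NULL) return;
    keybuf_wipe(kb);
    if (kb->locked) munlock(kb->p, kb->len);
    munmap(kb->p, kb->len);
    *kb = (struct keybuf){ NULL, 0, 0 };
}
```

A caller that requires locked memory should treat `locked == 0` as an error instead of continuing with a swappable buffer.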