. . . or, perhaps, not just yet. The approach suggested in the aforementioned research is revolutionary and interesting, but not necessarily a particularly practical way to build a supercomputer by stealing from the rich. The amount of bandwidth needed to sustain a reasonable computing rate, and the amount of computations needed to prepare trivia for other systems to solve, is quite high. As a result, this scheme is not efficient enough to outsource the solving of complex mathematical problems to a global supercluster of unwilling victims.
In the scheme outlined earlier, the requirement of exponential computing power is exchanged for the requirement of exponential bandwidth. This is not necessarily a decent trade-off, particularly because only relatively simple tests can be pushed out, considering the packet size limitations of most networks. (All of them could likely be solved in the time it takes to transmit this data over Ethernet.) This technique proves that the attack is possible and provides a truly universal venue to facilitate it, but using more specific attack scenarios might yield much more useful results.
Other ways of stealing negligible amounts of individual computing power are perhaps more interesting as ways to achieve impressive computing power at a low cost. For example, certain types of client software (such as web browsers) can be easily used to execute even fairly complex algorithms in a relatively trivial way. One such example, a “Chinese lottery” computing scheme detailed in RFC 3607,[109] is used by a tiny Java applet that Jean-Luc Cooke’s md5crk.com website encourages webmasters to add to their web pages. Once this applet is added to a site, every visitor to it can execute the applet on their system, borrowing a negligible amount of CPU cycles in order to contribute them to a project aimed at finding MD5 shortcut function collisions. (Collisions are two different messages that produce the same shortcut. They are elusive and anecdotal, although most definitely possible,[34] beings that can allow us to better understand the weaknesses of shortcut functions and could empirically prove and demonstrate that MD5 is too weak to be a match for today’s computers.)
Java applets are small pieces of machine-independent programs that are by default executed by web browsers in special, restricted “sandbox” environments. They have no access to local disk storage and (only in theory) no ability to do any harm, though they can use limited network connectivity to perform computations and to add certain visual elements to a web page. They are most commonly used to enhance websites with additional features, such as interactive games, visual effects, and so on. But Jean-Luc used these applets to do something else: to find likely candidates for collisions using the joint computing power of hundreds or thousands of systems around the world, simultaneously.
The principle behind the applet’s operation was trivial: The applet was executed on client systems worldwide whenever a cooperating website was visited; then, once launched, the applet tried to calculate MD5 shortcuts for different randomly chosen messages. This continued until a shortcut that matched a certain arbitrarily chosen and fixed masking pattern was found. Such a pattern could be “any shortcut with zero for the last four bytes” or something similar. The pattern was chosen so that it does not take too long to find a suitable shortcut by trial and error (so that the person does not have to leave the web page and stop the code before it is found), but so that only a small fraction of all possible shortcuts would match the rule.
Once a suitable message was found, the program “phoned home” with the candidate. The author could then examine the submissions. The applet had already examined and rejected a number of collision candidates, and only submitted those that matched a predefined condition (ones that were partly identical). Because much less variation is possible in the data collected this way, the likelihood of a collision in a chunk of n entries is considerably higher than for purely random data. By analogy, the likelihood of running into two visually indistinguishable apples in an amount of fruit we are capable of going through within one day is higher if we order for delivery only those apples that have nearly the same weight and color, as opposed to purchasing a wagon of arbitrary fruit.
Although somewhere in the gray area of cyber-ethics, this ingenious approach first openly deployed by md5crk.com really worked and provided a good demonstration of how parasitic computing can be both quite effective and stealthy. It appears that the ability to steal processor cycles originally intended to be used for “rightful” purposes is well within reach, and perhaps used more often that we want it to be. And this possibility is here to stay.
But, a cranky skeptic continues, can parasitic computing do more than just nibble tiny bits of CPU power to facilitate cracking encryption schemes, a task few of us are truly interested in?
[34] While this book was being prepared for printing, a team of Chinese researchers from Shandong University—Xiaoyun Wang, Dengguo Feng, Xuejia Lai, and Hongbo Yu—advised of a technique for finding and provided samples of MD4, MD5, HAVAL-128, and RIPEMD-128 collisions. This is one of the more important bits of news in modern cryptography, and confirmation that those functions are inadequate for some security-related applications. While the md5crk.com project has closed down, its contributions to exploring the field of parasitic computing remain valid.