RSA130: FAFNER SECURITY ISSUES
This is a brief analysis of the primary security issues that should
be considered by a prospective FAFNER helper who wants to help us crack
RSA-130. Please follow the embedded hyperlinks for more details.
Thanks for reading!
Caveat
The network is the computer.
-- Scott McNealy
The network is the security problem.
-- anonymous security consultant
If your machine is connected to a network, any piece of software that is
network-aware has the potential to open you up for a world of trouble.
Most of us have decided (perhaps too quickly) that the benefits of network
access outweigh the dangers, as long as we exercise some commonsense control
over the ways our machines can interact with the world.
FAFNER represents a good concept --- Net-volunteerism. We don't
expect FAFNER volunteers to expose themselves to significantly higher security
risks as a reward for their altruism, because that would damage the cause of
Net-volunteerism in general. But any piece of networked software can land
you in trouble if it's not installed, configured, or maintained correctly.
Remember, all of the following security discussions are purely advisory; we
can't warrant that the FAFNER software is free from holes not mentioned here,
or in fact suitable for any purpose at all (see our
copyright notice and disclaimer for
details). The final arbiter of whether a given software package
belongs on your machine is you, even if that means reading and understanding
the source code of the package you're installing.
There are three primary ways to volunteer computational resources to help
factor RSA130; we discuss the security issues of each in turn.
I) Helping by Email
Scenario
- FAFNER Sieving clients who want to receive tasks by email
(more details) fill out
a brief Web-based registration form that describes the size of
the tasks they want, and FAFNER sends them the tasks by email.
They run the GNFS software offline to generate the answers, which
they return to FAFNER by email. Then FAFNER sends another task,
and the cycle begins again. This is the simplest option, involving the
smallest trusted software base, and is therefore considered the least risky.
Trusted Software Base
- Email volunteers have to run the GNFS package from Bellcore
(More Details) to
get the answers to the tasks they are sent. GNFS does not interact
with the network in any way; it is a stable, computationally
intensive numerical package, consisting of approximately 15,000
lines of C code.
Potential Risks
- To reduce the burden on users
and cut down on typing errors, FAFNER automatically emails tasks to its
email volunteers in the form of Bourne-shell scripts. These scripts are
kept short on purpose so that recipients can visually verify them at a
glance --- each contains just 2 executable lines of shell commands.
We explicitly warn users (at time of signup and with a
reminder in each task mailed out) that they must manually inspect and verify
the shell scripts that are mailed to them before execution. We also warn
all the evil geniuses out there against automating the process via mailer
aliases that pipe mail to shells for automatic execution.
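As an added illustration, not part of the original page or the FAFNER software: a small Bourne-shell gate that refuses to run a mailed task script unless it has the shape described above, exactly 2 executable lines, each starting with an expected command name and free of pipes or substitutions. The command names in ALLOWED_CMDS and the sample task lines are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example (not FAFNER's own code): a pre-execution gate for a mailed
# FAFNER task script. Each task is a Bourne-shell script with exactly 2
# executable lines that the recipient must inspect before running; this
# enforces that shape mechanically, so an extra line, an unexpected command,
# or a pipe/substitution is refused instead of executed.
# ASSUMPTION: the command names below are placeholders for illustration;
# set ALLOWED_CMDS to the commands that actually appear in your tasks.
ALLOWED_CMDS="${ALLOWED_CMDS:-gnfs_sieve mail}"

# count_exec_lines FILE -> number of lines that are neither blank nor comments
count_exec_lines() {
    awk 'NF && $1 !~ /^#/ { n++ } END { print n + 0 }' "$1"
}

# check_task_script FILE -> 0 only if the script has the expected shape
check_task_script() {
    script="$1"
    [ -f "$script" ] || { echo "no such file: $script" >&2; return 1; }

    n=$(count_exec_lines "$script")
    if [ "$n" -ne 2 ]; then
        echo "refusing $script: expected 2 executable lines, found $n" >&2
        return 1
    fi

    # a here-document keeps the loop in the current shell, so 'return' works
    exec_lines=$(awk 'NF && $1 !~ /^#/' "$script")
    while read -r cmd rest; do
        ok=0
        for a in $ALLOWED_CMDS; do [ "$cmd" = "$a" ] && ok=1; done
        if [ "$ok" -ne 1 ]; then
            echo "refusing $script: unexpected command '$cmd'" >&2
            return 1
        fi
        # pipes, backticks, $(...), ';' and '&' have no business in a task line
        case "$cmd $rest" in
            *'|'*|*'`'*|*'$('*|*';'*|*'&'*)
                echo "refusing $script: shell metacharacter in: $cmd $rest" >&2
                return 1 ;;
        esac
    done <<EOF
$exec_lines
EOF
    return 0
}

# Typical use: check first, run only on success.
# check_task_script task.sh && sh task.sh
```

The gate is an aid to the manual inspection the page asks for, not a replacement for reading the two lines yourself.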
II) Running a GNFS Daemon Process
Scenario
FAFNER sieving clients who want to avoid the manual process of
saving, verifying, executing, and remailing tasks by email can
run the GNFS Daemon (GNFSD) on their machine.
This daemon interacts with the FAFNER Web server to download tasks, solve
them, and return the answers automatically.
Trusted Software Base
The GNFS Daemon receives commands from humans and FAFNER servers on TCP/IP
port 5453; it also acts like a Web browser (like Netscape) to access FAFNER
web pages via HTTP. (More Details)
GNFSD is not yet considered entirely stable (bugfixes and patches appear
twice a week on average), but has been used successfully on a wide range of
machines. The daemon consists of approximately 2,500 lines of C code which
augment the basic GNFS package (see "Email Clients" above) with network
services.
Potential Risks
Anyone in the world can connect to GNFSD at port 5453, but the
small set of commands the daemon understands limits the side effects
to simple misconfiguration or death of the daemon process. To further
reduce the risks posed, GNFSD may run as any user you like, including
"nobody". GNFSD probably inherits some of the potential
security risks common to all autonomous daemon processes with
undiscovered bugs (cf. Sendmail).
III) Installing Your Own Subserver
Scenario
Sites which have many clients to contribute can check out a copy of the
FAFNER Web server software, which they install within their own HTTP
document tree. The main FAFNER server communicates with the new FAFNER
subserver on a regular basis to pass along large ranges of tasks and updates
to the FAFNER software.
Trusted Software Base
The FAFNER server software consists of approximately 8,000 lines of Perl 4
code, much of which consists of the text that makes up each visible Web page.
This software is not yet stable, since new features are added in response to
suggestions from each of the installed FAFNER sites.
Potential Risks
The risks associated with FAFNER are essentially those of any other
complex CGI process that you allow your Web server to execute. These
risks can be loosely classified according to the three primary kinds of
service provided by the FAFNER web server: user registration service, task
service, and software update service.
- User Registration Service. Individual users are encouraged to
register with the FAFNER web server when they join the effort. For
informational purposes, we solicit contact information such as organization,
address, and phone number, and give each user the option to withhold
any or all of that information from publication on the Web. FAFNER supports
completely anonymous volunteerism --- other than the FAFNER server
administrator, no one else on the Web can determine the location or identity
of a FAFNER contributor without their permission.
- Task Service. The most common form of service, task service
consists of a special page that gives out sieving tasks upon request.
Malicious users can stage denial-of-service attacks on a FAFNER server
by emptying the task queue and discarding the tasks, or by initiating
enough page accesses to bring the server to a halt. These are irritating,
but not permanently harmful to the Webserver itself, and are common to any
site that runs a Web server that's visible to the world.
- Software Update Service. This is the largest potential
security risk, but one that can be disabled. FAFNER
subserver administrators can click a button in the administrative control
panel (which is access-protected by an encrypted password) to automatically
download and install the latest version of the FAFNER server software.
The online instructions clearly warn the administrator to use only trusted
FAFNER hosts for this operation, and to manually inspect the software running
at that site before downloading and installing it. A sufficiently careless
administrator could conceivably download malicious CGI scripts using this
powerful and useful (and therefore potentially dangerous) software
distribution mechanism.
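As an added example, not part of the original page or the FAFNER server software: a pre-install gate an administrator could put in front of the update mechanism described above. It assumes (hypothetically) that the update arrives as a tar archive and that a SHA-256 digest of the genuine archive has been obtained out of band from the FAFNER maintainers; the archive is installed only if the digest matches and no member path could escape the CGI document tree.

```shell
#!/bin/sh
# Added example (not FAFNER's own code). The subserver update button installs
# whatever the chosen FAFNER host serves, so this script checks a downloaded
# update before anything is unpacked into the HTTP document tree.
# ASSUMPTIONS: the update is a tar archive, and EXPECTED_SHA256 comes from a
# channel other than the host the archive was fetched from.

# file_sha256 FILE -> hex digest, using whichever tool is available
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# check_member_paths: reads archive member names on stdin; returns 0 only if
# every member is a relative path with no ".." component
check_member_paths() {
    status=0
    while IFS= read -r name; do
        case "/$name/" in
            //*|*/../*) echo "unsafe archive member: $name" >&2; status=1 ;;
        esac
    done
    return $status
}

# verify_update ARCHIVE EXPECTED_SHA256 -> 0 if the archive may be installed
verify_update() {
    archive="$1"; expected="$2"
    actual=$(file_sha256 "$archive")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $archive: got $actual, expected $expected" >&2
        return 1
    fi
    tar -tf "$archive" | check_member_paths
}

# Typical use (digest obtained out of band):
# verify_update fafner-update.tar "$EXPECTED_SHA256" && tar -xf fafner-update.tar -C /path/to/cgi-bin
```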
Questions, comments to factor-help@cooperate.com.
Script last modified 8 Jun 109.