On Thu, Mar 11, 2004 at 03:09:45PM +0100, Simon Schlachter wrote:
# i am a computer science student and am currently trying to implement a
# razor2-client in java.

Wow, cool!

# (1) is it necessary that every client and every catalogue server
# choose the exactly same parts of a message for hashing? the fact
# that the server supplies a seed for the random number generator
# leads me to this assumption.

This is correct. Ehash stands for "Ephemeral Hash", and by design was originally intended to have a different seed every so often, which would effect different segments of messages to be inspected and hashed into a final signature.

# (2) if (1) is true, why do you use perl's random number generator
# (which could be different on every client) for this purpose, instead
# of including an own one in your source code, making razor
# independent from the rng of the system it is running on. (as a
# matter of fact, you get different random numbers if you run razor on
# linux vs if you run it on windows)

I didn't write the agents so I don't know; however I will say that all the commercial clients and backend clients use the drand48 algorithm, and I'd venture to guess that whatever mechanism the perl agents are using is probably based on drand48 too, otherwise you're right, it would result in different segments being analyzed.

# (3) what are signatures v5 and higher that are used by spamnet? are
# they documented anywhere or are they kind of "secret" since they
# only appear in spamnet, not in razor?

Part of the core philosophy of the SpamNet design is to provide an architectural infrastructure to describe polymorphic messages. The means to describe those messages are embodied as signature algorithms. The beauty of the data model is that one can add an unlimited number of additional algorithms, and as more come into existence and overlap in what they can each describe, their collective ability to detect polymorphisms becomes incredibly reliable and increasingly difficult to evade.

So, to answer your question, the other signature algorithms are in fact new algorithms that we've invented that have shipped with our commercial client software. On the surface this might seem as if all the new interesting stuff is being withheld from razor-agents, but that is simply not true. Given the way the data model works, every time a new algorithm is introduced into the model it serves to tie more of the disparate polymorphisms together, making even the crappiest algorithms still effective by virtue of meta-relationships linking them all together on the backend.

Good luck with the client! Email me directly if you have specific questions or problems you run into.

Best,
--jordan
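
An added example, not part of the original message and not Razor's code: a pure-integer drand48 (constants as specified by POSIX) driving a seed-based choice of message segments, showing why a client that ships its own generator picks the same segments on every platform. The selection rule in `pick_offsets`, the use of SHA-256, and the sample body are assumptions made for illustration; the real Ehash segment selection is not described on this page.

```python
import hashlib

# drand48 constants as specified by POSIX: X(n+1) = (A*X(n) + C) mod 2^48
A = 0x5DEECE66D
C = 0xB
MASK = (1 << 48) - 1


class Drand48:
    """Pure-integer drand48, identical on every OS and language runtime."""

    def __init__(self, seed):
        # srand48(): the low 32 bits of the seed become the high 32 bits of
        # the 48-bit state, and the low 16 bits are set to 0x330E.
        self.state = ((seed & 0xFFFFFFFF) << 16) | 0x330E

    def next_float(self):
        self.state = (A * self.state + C) & MASK
        return self.state / (1 << 48)  # uniform in [0.0, 1.0)


def pick_offsets(seed, body_len, seg_len, count):
    """Hypothetical selection rule: `count` segment start offsets."""
    if seg_len > body_len:
        raise ValueError("segment longer than message body")
    rng = Drand48(seed)
    positions = body_len - seg_len + 1  # number of valid start offsets
    return [int(rng.next_float() * positions) for _ in range(count)]


def segment_signature(seed, body, seg_len=16, count=2):
    """Hash only the seed-selected segments (SHA-256 is an assumption)."""
    digest = hashlib.sha256()
    for off in pick_offsets(seed, len(body), seg_len, count):
        digest.update(body[off:off + seg_len])
    return digest.hexdigest()


if __name__ == "__main__":
    body = bytes(range(115))  # constructed sample "message body"
    for seed in (0, 1):
        print(seed, pick_offsets(seed, len(body), 16, 2),
              segment_signature(seed, body))
```

Because the generator uses only 48-bit integer arithmetic, a port to Java or Perl with the same constants yields the same offsets for a given server-supplied seed.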