
Re: SSL search attack



-----BEGIN PGP SIGNED MESSAGE-----

From: Scott Brickner <[email protected]>
>>If the segments are shuffled before they are handed out then this attack
>>becomes impossible, since the attacker has no way of knowing when
>>segment 0x1bad will be handed out.
>
>An excellent point.  One I'd missed.  I agree that a random shuffle
>of segments is appropriate.

Problem is, though, if *each* segment is shuffled, or shuffled in groups
of 10 or 25 or 50 or what? brutessl is designed for sequential search
through a block of segments. I was pulling down blocks of up to 40 segments 
each, for each machine I was running. Of course, with brloop running I
won't be in such a bind (I have yet to see that it really works though..)
but still it also represents a coding problem as to handing out sequential
segments within shuffled blocks.

Hey, by the way Piete, is there gonna be an ego list (rankings) like there
was with the RC4?

Don

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMETbAMLa+QKZS485AQFU7QL/WTljlZyetr0x+L9eBJnrYUNNY1BHfTJn
C83wiJgPO5cpR6b/Vn8hYPnMRXnEhaxRJ062TcRitdngsUND1W+6d04Ph1gg/Qj8
US6FtoP+Yk9BhcYlYfogh3YSOxcgIvbu
=UiWq
-----END PGP SIGNATURE-----
<[email protected]>           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don     or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *
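
One way a key server could hand out sequential segments within shuffled blocks, as an added example that is not part of the original message and is not code from brutessl or brloop. The 16-bit segment space and the class and function names are assumptions for illustration; the block size of 40 comes from the message above.

```python
import secrets

SEGMENT_COUNT = 0x10000  # assumption: 16-bit segment ids (the thread cites segment 0x1bad)
BLOCK_SIZE = 40          # the message mentions blocks of up to 40 segments


class BlockShuffleAllocator:
    """Hand out runs of consecutive segments, choosing the run unpredictably."""

    def __init__(self, segment_count=SEGMENT_COUNT, block_size=BLOCK_SIZE, rng=None):
        if segment_count < 1 or block_size < 1:
            raise ValueError("segment_count and block_size must be positive")
        # OS CSPRNG by default: a seedable PRNG would let the order be replayed.
        self._rng = rng or secrets.SystemRandom()
        # Each run is a half-open range [start, end) of unassigned segments.
        self._runs = [(s, min(s + block_size, segment_count))
                      for s in range(0, segment_count, block_size)]

    def allocate(self, want):
        """Return (first_segment, count) with count <= want, or None when done."""
        if want < 1:
            raise ValueError("want must be positive")
        if not self._runs:
            return None
        i = self._rng.randrange(len(self._runs))
        start, end = self._runs[i]
        count = min(want, end - start)
        if start + count < end:
            # Leftover goes back into the pool, so the next request is not
            # simply the continuation of this one.
            self._runs[i] = (start + count, end)
        else:
            self._runs[i] = self._runs[-1]  # swap-remove the exhausted run
            self._runs.pop()
        return start, count


def drain(allocator, want):
    """Allocate until the key space is exhausted; return every (start, count)."""
    out = []
    while (got := allocator.allocate(want)) is not None:
        out.append(got)
    return out


if __name__ == "__main__":
    server = BlockShuffleAllocator()
    for _ in range(3):
        first, count = server.allocate(40)
        print(f"search segments {first:#06x}..{first + count - 1:#06x}")
```

A client that asks for fewer segments than a block holds still gets a contiguous run, so a sequential searcher works unchanged; the cost is that late requests may return shorter runs than requested.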