[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL trouble

To: [email protected], [email protected]
Subject: Re: SSL trouble
From: Will French <[email protected]>
Date: Tue, 29 Aug 1995 23:56:02 -0400
Sender: [email protected]

Scott Brickner writes:
> We've identified several forms of "real-world retaliation:"

> 1) "Result hoarding" - failure to report a found key
> 2) "Segment hoarding" - requesting more segments than one can hope to search
> 3) Denial of service - preventing access to the server

  Perhaps I wasn't clear... by real-world retaliation, I'm
referring to being sued, thrown in jail, belabored about the
head with blunt objects, etc.  The three basic defenses I have
are: (a) not getting people angry, (b) not letting them know who
to be angry at, or (c) the threat of counter-retaliation.  The
"random" method is of type (b).

  I think you are focusing a bit too much on theoretical
efficiency and not enough on bottom-line practicality.  A 37%
waste factor is better than staying in bed and wasting it all.

>>   I _don't_ care about the procedures, as long as I can get
>> the information I need to go my own way.

> So what information wouldn't you be getting?  To "go your own
> way", you need exactly the same information that the client
> workstations use to test one key.  The difference in your code
> and the clients exists solely in how they determine the next
> key to try.

Yes, this is currently true, but there was a suggestion of
witholding part of the challenge in order to keep people honest,
or something like that.  I didn't quite understand it, but I
didn't like it.

Will French  <[email protected]>

Prev by Date: SSL brute/ng
Next by Date: Re: Florida Drivers Permits and a Hello
Prev by thread: Re: SSL trouble
Next by thread: Re: SSL trouble
Index(es):
- Date
- Thread