[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL search attacks


Scott Brickner <[email protected]> writes:
>[email protected] writes
>>A random (instead
>>of sequential) allocation _by the keyserver_ (out of unallocated 
>>piecemeal segments) would also take some work to implement. 
>The problem is that it's irrelevant to the problem.  Random allocation
>at the server is equivalent to simply "shuffling" the segments before
>assignment, which doesn't affect the rate at which the space is searched.

The point is that if J. Random Badguy knows that the key lies in segment
0x1bad and wants to get this segment and send a false NAK for it, he can
watch as key segments are doled out (perhaps with clients running on a
number of machines) and when 0x1bad gets close, say, when 0x1b0b comes
out, he can instruct all his clients to start hammering the server for
all they're worth in an attempt to get the key segment assigned to one
of his clients.

If the segments are shuffled before they are handed out then this attack
becomes impossible, since the attacker has no way of knowing when
segment 0x1bad will be handed out.

Version: 2.6.2


David R. Conrad, [email protected], http://www.grfn.org/~conrad
Finger [email protected] for PGP 2.6 public key; it's also on my home page
Key fingerprint =  33 12 BC 77 48 81 99 A5  D8 9C 43 16 3C 37 0B 50
Jerry Garcia, August 1, 1942 - August 9, 1995.  Requiescat in pace.