Re: SSL search attack
-----BEGIN PGP SIGNED MESSAGE-----
From: Scott Brickner <[email protected]>
>>If the segments are shuffled before they are handed out then this attack
>>becomes impossible, since the attacker has no way of knowing when
>>segment 0x1bad will be handed out.
>An excellent point. One I'd missed. I agree that a random shuffle
>of segments is appropriate.
Problem is, though, if *each* segment is shuffled, or shuffled in groups
of 10 or 25 or 50 or what? brutessl is designed for sequential search
through a block of segments. I was pulling down blocks of up to 40 segments
each, for each machine I was running. Of course, with brloop running I
won't be in such a bind (I have yet to see that it really works though..)
but still it also represents a coding problem as to handing out sequential
segments within shuffled blocks.
Hey, by the way Piete, is there gonna be an ego list (rankings) like there
was with the RC4?
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
<[email protected]> fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed. Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *
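
The message above asks how a key server can hand out sequential runs of segments while still shuffling. The sketch below is an added example, not part of the original message and not brutessl or key-server code: it shuffles the order of fixed-size blocks with the OS CSPRNG and returns each block as a contiguous (first segment, count) run. The class and function names, the 65536-segment keyspace and the default use of a block size of 40 are assumptions for illustration.

```python
import secrets

class ShuffledBlockAllocator:
    """Hands out contiguous runs of segments in an unpredictable block order."""

    def __init__(self, total_segments, block_size, rng=None):
        if total_segments <= 0 or block_size <= 0:
            raise ValueError("total_segments and block_size must be positive")
        self.total = total_segments
        self.block_size = block_size
        # Block start offsets; the last block may be shorter than block_size.
        self._starts = list(range(0, total_segments, block_size))
        # SystemRandom draws from the OS CSPRNG, so the hand-out order cannot
        # be reconstructed from blocks that were issued earlier.
        (rng or secrets.SystemRandom()).shuffle(self._starts)
        self.assigned = {}  # block start -> client id, for audit and re-issue

    def next_block(self, client_id):
        """Return (first_segment, count) for a sequential search, or None."""
        if not self._starts:
            return None
        start = self._starts.pop()
        count = min(self.block_size, self.total - start)
        self.assigned[start] = client_id
        return start, count

    def remaining(self):
        """Number of blocks not yet handed out."""
        return len(self._starts)

def drain(alloc, client_id="client-a"):
    """Collect every block until the allocator is exhausted."""
    blocks = []
    while (blk := alloc.next_block(client_id)) is not None:
        blocks.append(blk)
    return blocks

if __name__ == "__main__":
    # Assumed keyspace of 0x10000 segments, 40 segments per block.
    alloc = ShuffledBlockAllocator(0x10000, 40)
    for _ in range(3):
        first, count = alloc.next_block("demo")
        print(f"search segments {first:#06x}..{first + count - 1:#06x}")
```

Within a block the segments stay sequential, so a smaller block size makes it harder to guess when a given segment will be issued, at the cost of more requests per client.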