| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <72B7D507D7C1A86FA3BB2333@Macintosh.local>
Date: Thu, 31 Jul 2008 22:37:20 -0500
From: Paul Schmehl <pschmehl_lists@...rr.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Re DNS spoofing issue discussion
--On July 31, 2008 9:17:00 PM -0600 don bailey <don.bailey@...il.com>
wrote:
>> The BGP fixes were devised after the last meltdown, but question again
>> is whether they are installed. If DNSSEC had been installed, Kaminsky's
>> issue
>> would not exist.
>>
>
> That's probably not the case. It would only alter the scope of
> attack to include encryption and not simply port+xid. Since UDP
> is stateless one could could have theoretically kicked off some
> semblance of brute force attack against the key used for
> encryption. For algorithms that use bits larger than would be
> feasible for brute force attacks, the latest SNMPv3 vulnerability
> comes to mind, as does Tim Newsham's attack on WEP.
>
> In other words, there are always options. The attack wouldn't have
> gone away. As they say, there are 1,000,000 ways to get to Detroit.
>
Apples and oranges. *Attacks* will never go away, but dnssec, if fully
implemented, would render Dan's attack moot. Unless you've factored 256
bit RSA keys, in which case you should be making six figures.
Paul Schmehl
If it isn't already obvious,
my opinions are my own and not
those of my employer.
Content of type "application/pkcs7-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists