| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AEAEFAC6D744FE7E2AA6FACB@Macintosh-2.local>
Date: Wed, 26 Nov 2008 13:40:42 -0600
From: Paul Schmehl <pschmehl_lists@...rr.com>
To: Elazar Broad <elazar@...hmail.com>, arasm@...edu, eric@...hner.us
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Microsoft takes 7 years to 'solve' a problem?!
--On November 26, 2008 1:59:27 AM -0600 Elazar Broad <elazar@...hmail.com>
wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Um, NTLM isn't the only 20 or so year old protocol to take the rap
> recently, I can think of a low numbered rfc, lets say 1034 and
> 1035. Hindsight is 20/20, and 20 years ago, who would have thought
> that a 16 bit number was way too small for DNS transaction id, the
> same "who would have though" goes for NTLM and the rest. Lets face
> it, protocol design bugs suck, and to completely replace a widely
> used protocol ranks pretty high in the PiTA hall of fame...
>
In that particular case Dan Bernstein not only *did* think about it but
actually did something about it. It's just that no one else was listening.
Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
******************************************
WARNING: Check the headers before replying
Content of type "application/pkcs7-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists