Date: Fri, 28 Nov 2008 14:06:48 -0500
From: "Elazar Broad" <elazar@...hmail.com>
To: arasm@...edu, eric@...hner.us, pschmehl_lists@...rr.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Microsoft takes 7 years to 'solve' a problem?!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dan has been an exception to just about every rule, including the
"you should take me seriously" rule. Not that this is a good thing,
the guy is brilliant...

On Wed, 26 Nov 2008 14:40:42 -0500 Paul Schmehl
<pschmehl_lists@...rr.com> wrote:
>--On November 26, 2008 1:59:27 AM -0600 Elazar Broad
><elazar@...hmail.com> wrote:
>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Um, NTLM isn't the only 20 or so year old protocol to take the rap
>> recently, I can think of a low numbered RFC, let's say 1034 and
>> 1035. Hindsight is 20/20, and 20 years ago, who would have thought
>> that a 16 bit number was way too small for DNS transaction id, the
>> same "who would have thought" goes for NTLM and the rest. Let's face
>> it, protocol design bugs suck, and to completely replace a widely
>> used protocol ranks pretty high in the PiTA hall of fame...
>>
>
>In that particular case Dan Bernstein not only *did* think about it but
>actually did something about it.  It's just that no one else was
>listening.
>
>Paul Schmehl, If it isn't already
>obvious, my opinions are my own
>and not those of my employer.
>******************************************
>WARNING: Check the headers before replying