Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Algorimic Complexity Attacks
From: Nicholas Weaver <nweaver () CS berkeley edu>
Date: Sun, 8 Jun 2003 10:22:35 -0700
On Sun, Jun 08, 2003 at 06:17:38PM +0200, Pavel Kankovsky composed:


We need a function having a (relatively) small set of results in order to
build a hash table. We can also assume the information about collisions
leaks out via a timing channel. Ergo, a persistent attacker can find
enough collisions by trial and error.


IF the hash is good, FINDING collisions doesn't necessarily help the
attacker, as the attacker really needs to generate lots of collisions
to make the searches O(n) instead of O(1), since that is teh key
behind this attack.

-- 
Nicholas C. Weaver                                 nweaver () cs berkeley edu

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]