Bugtraq: Re: Re: Comments re ISC's announcement on bind9 security

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Re: Comments re ISC's announcement on bind9 security

From: ntn () networkontap com
Date: 1 Nov 2007 19:14:06 -0000

Given the extremely small amount of space for randomization (16-bit query ID's) does a cryptographically strong PRNG 
really make difference? Aside from stopping an easy prediction, doesn't it just generate a little extra work for a 
determined malicious individual?

Seems to be a moot point to me---whether the PRNG is  cryptographically weak or not because of the small sequence 
number space.

-ntn

By Date By Thread

Current thread:

Re: Comments re ISC's announcement on bind9 security Henrik Langos (Nov 01)
- <Possible follow-ups>
- Re: Comments re ISC's announcement on bind9 security Network Protocol Security (Nov 01)
- Re: Re: Comments re ISC's announcement on bind9 security ntn (Nov 01)
  - Re: Comments re ISC's announcement on bind9 security Theo de Raadt (Nov 01)
    - Re: Comments re ISC's announcement on bind9 security Tim (Nov 01)
    - Re: Comments re ISC's announcement on bind9 security Shane Kerr (Nov 02)
    - Re: Comments re ISC's announcement on bind9 security Tim (Nov 02)
    - Re: Comments re ISC's announcement on bind9 security Shane Kerr (Nov 02)