Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: In case y'all didn't catch it yet...
From: Lionel Ferette <lionel.ferette () belnet be>
Date: Thu, 17 Feb 2005 10:57:22 +0100

Hello Valdis,

On Wednesday 16 February 2005 19:08, you produced the following piece of 
wisdom:
[SNIP]
And if it's a crew with a 400K machine zombie net, 3 days.  Maybe a week
given that most of the boxes are consumer-grade machines.

Consider it a "given" that there's at least one "somebody" *already*
situated in that target space...
Granted. But what would those "somebody" find? Maybe it is possible to forge a 
message that would have the same hash as another, given, message. What is the
probability of such a forged message to make any sense? More, to make any 
sense in an "interesting" way for those "somebody"?

I fully agree that the basis for non-repudiation has been shaken: someone may 
claim that (s)he did not sign a message, since it may be possible to forge. 
But I won't lose sleep because of that.

Time to apply for those crypto research funds, though ;-)

Cheers,

Lionel

-- 
"To understand how progress failed to make our lives easier,
please press 3"

Lionel Ferette
BELNET CERT Coordinator

Tel: +32 2 7903385                  http://cert.belnet.be/
Fax: +33 2 7903375                  PGP Key Id: 0x5662FD4B

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]