|
Vulnerability Development
mailing list archives
Re: BackOrifice == DDoS Server???
From: 11a () GMX NET (Bluefish)
Date: Sat, 1 Jul 2000 14:22:21 +0200
Would you also know if the encryption plugins for BO2K are also flawed? They
come in various flavors.
Pine.GSO.4.05.9908021606360.4451-100000 () www securityfocus
com">http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-1&msg=Pine.GSO.4.05.9908021606360.4451-100000
() www securityfocus com</A>
Bugtraq on the subject. At least Bo2k plugins foor CAST-256 and IDEA has
been suffering from this problem. Any other code derived from the flawed
MD5 is obviously also vulnerable ;-)
Although this group hardly is aimed for theoretical vulernabilities, how
do you use MD5 to get 256 bits? (I assume CAST-256 to use 256 bit keys) I
suspect that CAST-256 with a MD5-hack never recieves more than 128 bits of
entropy. I most certainly don't trust people who deploy untested, flawed
MD5's to come up with a secure way to derive more than 128 bits from it
...
..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
 By Date 
By Thread
Current thread:
| 
Intro
