From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Fri, 10 Apr 2009 14:08:25 +0200 From: Mechiel Lukkien To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Message-ID: <20090410120824.GC8655@knaagkever.ueber.net> References: <20090410084102.GG4823@masters6.cs.jhu.edu> <679b27481fefe8cdfa8b7838625ee32b@quanstro.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <679b27481fefe8cdfa8b7838625ee32b@quanstro.net> User-Agent: Mutt/1.5.13 (2006-08-11) Subject: Re: [9fans] exportfs security question Topicbox-Message-UUID: d95a0760-ead4-11e9-9d60-3106f5b1d025 On Fri, Apr 10, 2009 at 07:48:54AM -0400, erik quanstrom wrote: > > We haven't brought up SSL yet, so Eve can read our exchanged random > > numbers... now these values get shoved into SHA-1 (along with the 56 bits of > > entropy from Kn derived from p9any authentication) before being used to make > > the SSL secrets... but... that doesn't seem to matter much. Eve sees the > > first four, the last four, and knows 1/8th of the middle 8 bytes (p9sk1 gets > > an 8-byte secret by unpacking a 7-byte DES key) of the input to the SHA-1 > > function, meaning... Eve still only needs to do at most 2^56 SHA-1 > > operations to search for our SSL secrets [1]... OK, so Eve can't have > > precomputed tables to help her out, fair enough, but this still seems > > dubious. > > > > Subsequently, having done all of this, the secrets fed into the SSL stream > > contain only 80 bits of entropy, which is itself somewhat small (esp. > > relative to the ability of rc4 to use 128 or even 256 bit keys). > > eve has to do zero computation to get at your plan-text stream. > i think they call it transport security for a reason. :-) he probably means eve as in eavesdropper. alice, bob, eve & friends. mjl