Date: Fri, 10 Apr 2009 11:17:27 -0400
From: Nathaniel W Filardo
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] exportfs security question
Message-ID: <20090410151727.GH4823@masters6.cs.jhu.edu>
In-Reply-To: <20090410120824.GC8655@knaagkever.ueber.net>
References: <20090410084102.GG4823@masters6.cs.jhu.edu> <679b27481fefe8cdfa8b7838625ee32b@quanstro.net> <20090410120824.GC8655@knaagkever.ueber.net>

On Fri, Apr 10, 2009 at 02:08:25PM +0200, Mechiel Lukkien wrote:
> On Fri, Apr 10, 2009 at 07:48:54AM -0400, erik quanstrom wrote:
> > > We haven't brought up SSL yet, so Eve can read our exchanged random
> > > numbers... now these values get shoved into SHA-1 (along with the 56 bits of
> > > entropy from Kn derived from p9any authentication) before being used to make
> > > the SSL secrets... but... that doesn't seem to matter much. Eve sees the
> > > first four, the last four, and knows 1/8th of the middle 8 bytes (p9sk1 gets
> > > an 8-byte secret by unpacking a 7-byte DES key) of the input to the SHA-1
> > > function, meaning... Eve still only needs to do at most 2^56 SHA-1
> > > operations to search for our SSL secrets [1]... OK, so Eve can't have
> > > precomputed tables to help her out, fair enough, but this still seems
> > > dubious.
> > >
> > > Subsequently, having done all of this, the secrets fed into the SSL stream
> > > contain only 80 bits of entropy, which is itself somewhat small (esp.
> > > relative to the ability of rc4 to use 128 or even 256 bit keys).
> >
> > eve has to do zero computation to get at your plain-text stream.
> > i think they call it transport security for a reason. :-)
>
> he probably means eve as in eavesdropper. alice, bob, eve & friends.

Erm, yes, that... the name collision didn't even occur to me. Sorry. :)

--nwf;
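
An entropy count for the SHA-1 input described in the quoted text above, as an added example that is not part of the original thread or of Plan 9's code. The byte order, the parity placement (standard DES odd parity in the low bit) and all sample values are assumptions; the search is cut down to 16 unknown key bits so it finishes instantly.

```python
import hashlib

def expand_des_key(k7: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes: 7 key bits per byte, odd parity in
    the low bit (standard DES layout; assumed to match p9sk1's unpacking)."""
    if len(k7) != 7:
        raise ValueError("expected a 7-byte DES key")
    bits = int.from_bytes(k7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        parity = (bin(seven).count("1") + 1) & 1   # forces an odd number of 1 bits
        out.append((seven << 1) | parity)
    return bytes(out)

def sha1_input(first4: bytes, k7: bytes, last4: bytes) -> bytes:
    """Assumed layout from the message: 4 observed bytes, the 8-byte
    expanded key, 4 observed bytes."""
    return first4 + expand_des_key(k7) + last4

def unknown_bits(first4: bytes, last4: bytes) -> int:
    """Bits of the 16-byte input an observer of both nonces cannot derive."""
    total = 8 * len(sha1_input(first4, bytes(7), last4))
    return total - 8 * (len(first4) + len(last4)) - 8   # minus 8 parity bits

def work_to_match(first4, last4, target, known_key_prefix, unknown_bytes):
    """Count SHA-1 calls needed to reproduce `target` when only the last
    `unknown_bytes` of the 7-byte key are unknown (reduced so it runs fast)."""
    for calls, guess in enumerate(range(256 ** unknown_bytes), 1):
        k7 = known_key_prefix + guess.to_bytes(unknown_bytes, "big")
        if hashlib.sha1(sha1_input(first4, k7, last4)).digest() == target:
            return k7, calls
    return None, 256 ** unknown_bytes

# Constructed sample values, not taken from any real exchange.
FIRST4, LAST4 = bytes.fromhex("0a0b0c0d"), bytes.fromhex("f0e0d0c0")
KEY = bytes.fromhex("00112233441234")
TARGET = hashlib.sha1(sha1_input(FIRST4, KEY, LAST4)).digest()

if __name__ == "__main__":
    print("unknown bits in SHA-1 input:", unknown_bits(FIRST4, LAST4))
    found, calls = work_to_match(FIRST4, LAST4, TARGET, KEY[:5], 2)
    print("reduced search matched:", found == KEY, "after", calls, "SHA-1 calls")
```

Hashing the input does not add entropy: the work factor stays bounded by the 56 key bits, which is the point the quoted message makes.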