Date: Thu, 7 Dec 2000 17:30:12 +0200 (IST) From: Roman Shterenzon <roman@xpert.com> To: John Howie <JHowie@msn.com> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Defeating SYN flood attacks Message-ID: <Pine.LNX.4.30.0012071725510.14010-100000@jamus.xpert.com> In-Reply-To: <00a101c05bdf$4e6e9b00$fd01a8c0@pacbell.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 1 Dec 2000, John Howie wrote: > Given that you know the plaintext (the Client IP Address), the cipher text > (SISN - CISN) and the algorithm, you can work out the key used (eventually). > If the key is only changed at system startup, the longer the system is > running, the more likely it will be that the key is computed. We all talk > about how long our boxes are up and running for (compared to NT/2000) and we > usually talk in months, if not years. The key needs to be changed more > often - perhaps hourly (which still might not be enough). AFAIK, it's still very nontrivial task to deduce the key given the plaintext and the ciphertext, especially when talking about 16 rounds, thing that makes differential cryptanalysis difficult (Or I'm completely lost and need to reread the Applied Cryptography; if so, please remind me). Of course the key should be changed from time to time, perhaps once a day. --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.30.0012071725510.14010-100000>