William Allen Simpson wrote:
> I've changed the subject.  Some of my own rants are about mathematical
> cryptographers that are looking for the "perfect" solution, instead of a
> practical security solution.  Always think about the threat first!
>
> In this threat environment, the attacker is unlikely to have perfect
> knowledge of the sequence.  Shared resolvers are the most critical
> vulnerability, but the attacker isn't necessarily in the packet path, and
> cannot discern more than a few scattered numbers in the sequence.  The
> more sharing (and greater impact), the more sparse the information.
>
> In any case, the only "perfect" solution is DNS-security.  Over many
> years, I've given *many* lectures to local university, network, and
> commercial institutions about the need to upgrade and secure our zones.
> But the standards kept changing, and the roots and TLDs were not secured.
>
> Now, the lack of collective attention to known security problems has
> bitten us collectively.
>
> Nevertheless, with rephrasing, Ben has some good points....

I don't see any actual rephrasing below, unless you are suggesting I should have said "unpredictable" instead of "random". I think that's a perfectly fine substitution to make.

> Ben Laurie wrote:
> > But just how GREAT is that, really? Well, we don't know. Why? Because there isn't actually a way to test for randomness. ...
>
> While randomness is sufficient for "perfect" unpredictability, it isn't
> necessary in this threat environment.

I agree, but my point is unaltered if you switch "randomness" to "unpredictability".

> Keep in mind that the likely unpredictability is about 2**24.  In many
> or most cases, that will be implementation limited to 2**18 or less.

Why?

> > Your DNS resolver could be using some easily predicted random number generator like, say, a linear congruential one, as is common in the rand() library function, but DNS-OARC would still say it was GREAT.
>
> In this threat environment, a better test would be for determination of a
> possible seed for any of several common PRNGs.  Or lack of a PRNG.

I don't see why. A perfectly reasonable threat is that the attacker reverse engineers the PRNG (or just checks out the source). It doesn't need to be common to be predictable.

> > Oh, and I should say that number of ports and standard deviation are not a GREAT way to test for "randomness". For example, the sequence 1000, 2000, ..., 27000 has 27 ports and a standard deviation of over 7500, which looks pretty GREAT to me. But not very "random".
>
> Again, the question is not randomness, but unpredictability.

Again, changing the words does not alter my point in any way, though I do agree that unpredictable is a better word.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
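An added example, not part of the thread above, that makes Ben's point concrete: the arithmetic sequence 1000, 2000, ..., 27000 and the output of a toy linear congruential generator both score well on the two statistics under discussion (number of distinct ports, standard deviation), while an attacker who knows the resolver draws ports from an LCG modulo 2**16 (Ben's "checks out the source" case) recovers its multiplier and increment from three consecutive ports and names the next one. The generator class, its constants (25173, 13849, 2**16, a textbook full-period LCG, not any real resolver's code), the seed and the sample sequences are all constructed for this example.

```python
"""Port-count and standard deviation do not measure unpredictability.

Added example, not code from the original thread. Two constructed port
sequences both look "GREAT" by distinct-port count and standard deviation;
one is an arithmetic progression, the other comes from a toy LCG whose next
port an attacker can compute after observing three of them.
"""
import math
import statistics

# Constructed input: the sequence from the thread, 1000, 2000, ..., 27000.
ARITHMETIC_PORTS = [1000 * k for k in range(1, 28)]


def port_statistics(ports):
    """Distinct-port count and population standard deviation of a sample.

    These are the two numbers the thread says a port test reports. Neither
    says anything about whether the next port can be predicted.
    """
    return len(set(ports)), statistics.pstdev(ports)


class ToyLCG:
    """Textbook LCG: state' = (a * state + c) mod m, port = state'.

    Hypothetical stand-in for a resolver drawing source ports from a
    rand()-style generator. The defaults are textbook constants (full period
    for m = 2**16), not any real resolver's; every output is a 16-bit value.
    """

    def __init__(self, a=25173, c=13849, m=2**16, seed=12345):
        self.a, self.c, self.m, self.state = a, c, m, seed

    def next_port(self):
        self.state = (self.a * self.state + self.c) % self.m
        return self.state

    def ports(self, n):
        return [self.next_port() for _ in range(n)]


def recover_lcg(x0, x1, x2, m):
    """Recover (a, c) of an LCG with known modulus m from three outputs.

    From x1 = a*x0 + c and x2 = a*x1 + c (mod m) we get x2 - x1 = a*(x1 - x0),
    so a = (x2 - x1) * (x1 - x0)^-1 and c = x1 - a*x0. Returns None when
    x1 - x0 has no inverse mod m (for m = 2**16, an even difference); the
    caller then needs a different window of observations.
    """
    d = (x1 - x0) % m
    if math.gcd(d, m) != 1:
        return None
    a = ((x2 - x1) * pow(d, -1, m)) % m
    c = (x1 - a * x0) % m
    return a, c


def predict_next_port(observed, m=2**16):
    """Attacker's view: the generator is known to be an LCG mod m (the source
    was read), a few consecutive ports were observed, and the next one is
    wanted.

    Slides a three-wide window over the observations until the parameters can
    be recovered, checks the recovered generator against everything observed
    after that window, and returns the predicted next port (None if no window
    works).
    """
    for i in range(len(observed) - 2):
        params = recover_lcg(observed[i], observed[i + 1], observed[i + 2], m)
        if params is None:
            continue
        a, c = params
        # The recovered parameters must reproduce every later observation.
        if all((a * observed[j] + c) % m == observed[j + 1]
               for j in range(i, len(observed) - 1)):
            return (a * observed[-1] + c) % m
    return None


if __name__ == "__main__":
    print("arithmetic: distinct=%d stddev=%.0f" % port_statistics(ARITHMETIC_PORTS))
    gen = ToyLCG()
    seen = gen.ports(1000)
    print("toy LCG:    distinct=%d stddev=%.0f" % port_statistics(seen))
    print("predicted next port:", predict_next_port(seen[-5:]),
          "actual:", gen.next_port())
```

The recovery works whenever the difference of two consecutive outputs is invertible modulo m; for a full-period LCG modulo a power of two every such difference is odd, so recover_lcg returns None only on contrived input such as an even step. Many rand() implementations hand out only some bits of a wider state, and recovering that state takes more than three observations, but the two reported statistics never detect either case, which is the point.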

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]