Gary said: > Nothing says that a single cookie could not be used by a farm of clients to > push the cookies per second into the thousands.
> Then add that this is millions of know plaintext and known ciphertext pairs > That is not what the key reuse calculations assume. I'm missing a step. How are you getting known plaintext/cyphertext pairs? If an idiot gets a C2S/S2C pair and then sends zillions of packets, he exposes lots of traffic for his keys. Don't do that. If an attacker captures a cookie by spying on the wire, what can he do with it? He doesn't know the C2S so he can't use that cookie in new packets. He can replay the whole packet. That will generate new cookies/cyphertext but doesn't get any plaintext. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel