Yo Hal! On Sat, 02 Feb 2019 17:00:46 -0800 Hal Murray via devel <[email protected]> wrote:
> Gary said:
> > The whole point is that the client knows the C2S and S2C.
> > Otherwise he can not key a session to the NTPD server. That is the
> > plaintext. And he has the cookie, with the algorithm use to make
> > it. That is the ciphertext.
>
> So if the client knows the C2S and S2C, what is he trying to learn by
> attacking?
As in a previous message: K.
> He already knows his C2S and S2C so there is no point in attacking
> those. Knowing them doesn't help him attack somebody else's C2S/S2C.
> The server's K does get rotated so we don't need a way to force that.
As in a previous message. No, K does not get rotated.
Start with bad assumptions, get bad results.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
[email protected] Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpM4U3eTuEMv.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list [email protected] http://lists.ntpsec.org/mailman/listinfo/devel
