On Fri, Nov 26, 2021 at 12:32:19PM +0100, Petr Špaček wrote:

> Also, when we are theorizing, we can also consider that resalting
> thwarts simple correlation: after a resalt an attacker cannot tell if a
> set of names has changed or not. With a constant salt an attacker can
> detect new and removed names by their hash. (I'm not sure it is useful
> information without cracking the hashes.)
Actually, no. If one has previously been mostly successful at cracking
extant names in a zone, rehashing of a small set (much smaller than the
full dictionary one uses) of known names is rather quick. So old names
can be quickly identified even after a salt change, leaving just the
hashes of new names.

Mind you, for cracking the new names, one would still rehash the entire
dictionary when the salt changes; the number of new names to check is
not a scaling factor in the cost. Just a table join.

So periodic resalting does raise the cost of ongoing tracking of a zone's
content, if that's the sort of thing one cares enough about. Rarely
worth it, but mostly harmless if the salt is not too long and rotated,
say, on each ZSK rollover.

-- 
    Viktor.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
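The two-step tracking described in the reply above, as an added example that is not code from the thread or from any of its participants. It implements the RFC 5155 NSEC3 owner-name hash (SHA-1 over the canonical wire-format name plus salt, iterated, base32hex output) and then plays the attacker's side across a salt change: rehash only the already-cracked names and join against the new chain (cost proportional to the number of known names), then spend a full dictionary pass on whatever hashes are left (cost proportional to the dictionary, not to the number of new names). The zone contents, dictionary, salts and iteration count are constructed for illustration.

```python
import base64
import hashlib

# RFC 5155 renders the hashed owner name in base32hex; Python's b32encode
# uses the RFC 4648 base32 alphabet, so translate between the two.
_B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                               "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def owner_wire(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed
    labels, terminated by the zero-length root label."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def nsec3_hash(name, salt, iterations):
    """IH(salt, x, 0) = SHA1(x || salt); IH(salt, x, k) = SHA1(IH(k-1) || salt)."""
    digest = hashlib.sha1(owner_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).decode("ascii").translate(_B32_TO_B32HEX).lower()


def hash_zone(names, salt, iterations):
    """What walking the NSEC3 chain reveals: the set of hashed owner names."""
    return {nsec3_hash(n, salt, iterations) for n in names}


def crack(hashes, candidates, salt, iterations):
    """Hash every candidate under this salt and join against the observed
    hashes. Returns (hash -> name for matches, number of hashes computed)."""
    table = {nsec3_hash(c, salt, iterations): c for c in candidates}
    found = {h: table[h] for h in hashes if h in table}
    return found, len(candidates)


def track_after_resalt(known_names, new_hashes, dictionary, new_salt, iterations):
    # Step 1: rehash only the names cracked before the salt change.
    # Cost is |known_names|, far smaller than a dictionary pass.
    known_found, cost_known = crack(new_hashes, known_names, new_salt, iterations)
    still_present = set(known_found.values())
    removed = set(known_names) - still_present
    unresolved = set(new_hashes) - set(known_found)
    # Step 2: the leftover hashes belong to new (or never-cracked) names.
    # Cracking them is a full dictionary pass whatever their count.
    dict_found, cost_dict = crack(unresolved, dictionary, new_salt, iterations)
    return {
        "still_present": still_present,
        "removed": removed,
        "newly_cracked": set(dict_found.values()),
        "unresolved": unresolved - set(dict_found),
        "cost_known": cost_known,
        "cost_dictionary": cost_dict,
    }


# Constructed inputs (hypothetical zone, dictionary and salts).
ITERATIONS = 5
OLD_SALT = bytes.fromhex("aabbccdd")
NEW_SALT = bytes.fromhex("0123456789")
DICTIONARY = ["example"] + [f"{w}.example" for w in
              ["www", "mail", "ns1", "ns2", "ftp", "dev", "api", "vpn", "staging"]]
ZONE_V1 = ["example", "www.example", "mail.example", "ns1.example",
           "secret-xyz.example"]
# After resalt: mail.example removed, vpn.example and hidden-q.example added.
ZONE_V2 = ["example", "www.example", "ns1.example", "secret-xyz.example",
           "vpn.example", "hidden-q.example"]


def demo():
    """Crack the old chain, then track the zone across the salt change."""
    old_hashes = hash_zone(ZONE_V1, OLD_SALT, ITERATIONS)
    cracked_v1, _ = crack(old_hashes, DICTIONARY, OLD_SALT, ITERATIONS)
    known = sorted(cracked_v1.values())
    new_hashes = hash_zone(ZONE_V2, NEW_SALT, ITERATIONS)
    result = track_after_resalt(known, new_hashes, DICTIONARY, NEW_SALT, ITERATIONS)
    result["cracked_v1"] = set(known)
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The hash function can be checked against the test vectors in RFC 5155 Appendix A. In `demo()`, the rehash of the four previously cracked names identifies the three that survived and the one that was removed, and leaves three hashes (one uncracked old name, two new ones); the dictionary pass that follows costs ten hashes regardless of whether one or a hundred hashes remain, which is the point made above.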