On Wed, Nov 2, 2011 at 1:21 AM, Marc Heuse <[email protected]> wrote: > ... > still you dont need a gpu, even with renegotiation disabled and hardware > acceleration present. > Just don't use openssl (or similar libraries).
indeed. reminds me of the vanity onion generator shallot. you could do this with legitimate keys and take forever, or you could generate weak keys quickly to find a prefix in reasonable time. (in this case, legitimate handshakes are not strictly required for testing, but it would be nice to keep that option. for example, establishing an upper bound of concurrent SSL/TLS connections for load balancer / server benchmarks. it takes me forever to do this in software. i can actually stress with hardware acceleration performing full handshakes. i've had to test upwards of 1.5MM concurrent sessions per endpoint on such systems; this is not a theoretical need :) > and the thc-ssl-dos is a proof of concept code, and could be enhanced to > do be more effective too. since we're on the subject: - cipher suite probing to find un-accelerated suites or more computationally expensive suites supported by a target. - client certificate support (with either static|fixed, pre-generated, or on-demand client cert generation) regardless, this is a handy tool. even if i have to manually edit out the script kiddie pisser. :P _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
