On 2016/10/13 22:55, Ted Unangst wrote:
> 16 bit IDs don't offer much security. This is well known. A trick to encode
> more bits into the query is to vary the case of the query name. It's case
> insensitive, but all known servers echo it back exactly, case preserving.
Unfortunately not. Many do
Ted Unangst wrote:
> 16 bit IDs don't offer much security. This is well known. A trick to encode
> more bits into the query is to vary the case of the query name. It's case
> insensitive, but all known servers echo it back exactly, case preserving. Thus
> we can twiddle the query on the way out
16 bit IDs don't offer much security. This is well known. A trick to encode
more bits into the query is to vary the case of the query name. It's case
insensitive, but all known servers echo it back exactly, case preserving. Thus
we can twiddle the query on the way out and verify we get exactly the
