Paolo Abeni wrote: >> 2) Change the code to only identify the weak keys, but not use it >> to decrypt the SSL traffic (would this also be CPU intensive?) > > Yes. It will take near exactly the same amount of time and computation > since, in current code, the larger amount of time is spent looping on > candidate weak keys.
Right. I'd been labouring under the misunderstanding that you could identify whether a key was weak without having to brute force it. Having looked at Paolo's patch a bit more, I now see that isn't true. This certainly shouldn't be enabled by default - I don't want my wireshark to spend ages attempting to brute-force keys every time I happen to pick up a bit of SSL traffic. You could leave the code in there, and have an 'identify weak keys' menu option. But at present I'm changing my vote to 1) Don't include the code at all. Cheers Richard -- Richard van der Hoff <[EMAIL PROTECTED]> Project Manager Tel: +44 (0) 845 666 7778 http://www.mxtelecom.com _______________________________________________ Wireshark-dev mailing list [email protected] https://wireshark.org/mailman/listinfo/wireshark-dev
