Hullo,

--- Sudev Barar <[EMAIL PROTECTED]> wrote:
> Interesting article on Slashdot
> http://it.slashdot.org/it/07/11/12/1528211.shtml

Compromising security - in a nutshell, this would probably mean that anyone with enough computing power would probably be able to crack SSL keys by brute force.

To give some perspective, the now defunct DES standard was cracked within a week by a none too expensive (tens of thousands of USD) machine. And the cryptanalysis of DES requires a time complexity of around 2^40. The Microsoft standard requires about 2^23 - an order of magnitude smaller. Something which uses FPGAs optimized for cryptanalysis can probably be built much cheaper, and could do it much faster.

The implications? Considering the botnet - STORM, a favored spamming solution today based in Russia, which has about 100,000 machines at the very least - it would take much, MUCH less to crack this.

That said, the Linux PRNG (Pseudo Random Number Generator) is vulnerable to DOS attacks, but thankfully keeps its algorithm dumps in kernel space rather than user space, which is what allowed this to be reverse engineered easily in the first place!

Cheers,
Viksit

--
Viksit Gaur
viksit at aya dot yale dot edu
http://viksit.com

Just because you have a mind like a hammer doesn't mean you should treat everyone else like a nail - Terry Pratchett

_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Next Event: http://freed.in - February 22/23, 2008
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/