Hello,

On Wed, 2008-08-06 at 09:44 +0200, Sake Blok wrote:
> I don't agree with you here. For the current decrypt functions of
> Wireshark, the user adds specific additional knowledge for *their*
> setup. The information needed is private and only available to
> legitimate administrators of the systems involved.
>
> In the case of this CVE, there is no administrator giving access to
> the private information.

I really would not like to start a flame here, and I'm sorry if my poor English does not help. There are a couple of things that should be underlined: the patch does not use any private secret, but data that is publicly available and whose use is well known to be strongly discouraged. I called the code itself a "brute force" since it tries different keys, but strictly speaking it does not belong to that attack category, since it does not walk the whole key space nor a large enough subset of said space. It does not 'crack passwords'; instead it identifies weak keys.

cheers,
Paolo

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev