Re: OpenID/Debian PRNG/DNS Cache poisoning advisory

From: Forrest J. Cavalier III <mibsoft@mibsoftware.com>
To: Eric Rescorla <ekr@networkresonance.com>
Cc: Leichter, Jerry <leichter_jerrold@emc.com>,Nicolas Williams <Nicolas.Williams@sun.com>,Dan Kaminsky <dan@doxpara.com>,Dave Korn <dave.korn@artimi.com>,'Ben Laurie' <benl@google.com>,bugtraq@securityfocus.com,security@openid.net,'OpenID List' <general@openid.net>,cryptography@metzdowd.com,full-disclosure@lists.grok.org.uk
Subject: Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
Date:


Eric Rescorla wrote:
> 
> To be concrete, we have 2^15 distinct keys, so, the
> probability of a false positive becomes (2^15)/(2^b)=2^(b-15).
> To get that probability below 1 billion, b+15 >= 30, so
> you need about 45 bits. I chose 64 because it seemed to me
> that a false positive probability of 2^{-48} or so was better.
> 
> -Ekr

Since it's a known set, I think you can use perfect hashing.
There will still be false positives, but presumably no
"bad" keys, nor keys matching the hash everyone agrees on,
are going to be issued after today, right?

Yeah, right.






Copyright © 1995-2021 LinuxRocket.net. All rights reserved.