Wireshark-dev: Re: [Wireshark-dev] performing cpu/time intensive computation in a protocol diss

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Tue, 05 Aug 2008 22:17:48 +0200
Sake Blok wrote:
> On Tue, Aug 05, 2008 at 02:22:58PM +0200, Paolo Abeni wrote:
> > hello,
> >
> > In a pending patch for the SSL dissector:
> > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2725
> > https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2029
> >
> > it's implemented the attack to CVE 2008 0166. This is basically a brute
> > force against a relatively small set of candidate private keys for the SSL
> > session.
>
> Although not an answer to your question, I personally object to the
> idea of putting brute force code into Wireshark. Wireshark has a good
> reputation as a network analysis tool. Which of course means it can be
> used for less honest purposes as well, but putting code in to deliberately
> break security based on a weakness in the protocol crosses the line
> for me. This would put Wireshark in a whole different set of tools
> which might not do it good...
>
> I personally vote against inclusion of this code into the source
> tree. How do others feel about the inclusion of this code?


FULL ACK to Sake!

Here in Germany we have a (IMHO pretty obscure) law that prohibits the use of "hacker tools" - whatever that exactly is, is still to be found out in court :-(

By a technical layman (lawyer or judge) Wireshark could be a borderline case of such a hacker tool, but I think in its current state WS is on the "safe side" of this "legal border".

I mean such a legal discussion "hacker tool or not" would be a *lot* more difficult if WS would contain brute force attack code intended to crack passwords!

Is it really worth getting into this trouble (probably not only in Germany), if there are already other tools for this purpose out there to do this ... ?

Regards, ULFL

P.S: If WS would contain any cracking stuff, it would also be much more difficult to get the allowance to use it in any corporate networks!