hello,
On Wed, 2008-08-06 at 09:44 +0200, Sake Blok wrote:
> I don't agree with you here. For the current decrypt functions of
> Wireshark, the user adds specific additional knowledge for *their*
> setup. The information needed is private and only available to
> legitimate administrators of the systems involved.
>
> In the case of this CVE, there is no administrator giving access to
> the private information.
I really would not like to start a flame here, and I'm sorry if my poor
English does not help.
There are a couple of things that should be underlined: the patch does
not use any private secret, but data that is publicly available and whose
use is well known to be strongly discouraged.
I called the code itself a "brute force" since it tries different keys,
but strictly speaking it does not belong to that attack category, since
it does not walk the whole key space nor a large enough subset of said
space.
It does not 'crack passwords'; instead it identifies weak keys.
cheers,
Paolo