<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: cipe-l,AT,inka,DOT,de
Subject: Re: CRC32 - thoughts on Gutmann response
From: "Eric M. Hopper" <hopper,AT,omnifarious,DOT,org>
Date: Thu, 25 Sep 2003 12:28:22 -0500
In-reply-to: <6933.1064509792@persephone.cfrq.net>
Organization: Omnifarious Software
References: <6933.1064509792@persephone.cfrq.net>

On Thu, 2003-09-25 at 12:09, Harald Koch wrote:
> [ Finally, a technical discussion! >:]
> 
> > I am however pleading for a reasonable view - if you are clever enough to
> > toggle bits in the CRC and the IP length and IP csum and the TCP csum and
> > still keep the TCP stream in step then there are any number of three 
> > letter
> > agencies who would employ you immediately!
> 
> This doesn't require any cleverness these days; the detailed techniques
> are all published. A little research with Google and some C programming
> knowledge are all that is required...

And the worst part is, once someone figures out how, they just write a
little program, and suddenly every idiot knows how.  You have to assume
that any vulnerability, no matter how tiny, will be quickly found out
and exploited by all possible attackers.

Have fun (if at all possible),
--
There's an excellent C/C++/Python/Unix/Linux programmer with a wide
range of other experience and system admin skills who needs work.
Namely, me. http://www.omnifarious.org/~hopper/resume.html
-- Eric Hopper <hopper,AT,omnifarious,DOT,org>

Attachment: signature.asc
Description: This is a digitally signed message part


<< | Thread Index | >> ]    [ << | Date Index | >> ]