-----BEGIN PGP SIGNED MESSAGE-----

From: Scott Brickner <sjb@austin.ibm.com>
If the segments are shuffled before they are handed out then this attack becomes impossible, since the attacker has no way of knowing when segment 0x1bad will be handed out.
An excellent point. One I'd missed. I agree that a random shuffle of segments is appropriate.
Problem is, though, if *each* segment is shuffled, or shuffled in groups of 10 or 25 or 50 or what? brutessl is designed for sequential search through a block of segments. I was pulling down blocks of up to 40 segments each, for each machine I was running. Of course, with brloop running I won't be in such a bind (I have yet to see that it really works though..) but still it also represents a coding problem as to handing out sequential segments within shuffled blocks.

Hey, by the way Piete, is there gonna be an ego list (rankings) like there was with the RC4?

Don

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMETbAMLa+QKZS485AQFU7QL/WTljlZyetr0x+L9eBJnrYUNNY1BHfTJn
C83wiJgPO5cpR6b/Vn8hYPnMRXnEhaxRJ062TcRitdngsUND1W+6d04Ph1gg/Qj8
US6FtoP+Yk9BhcYlYfogh3YSOxcgIvbu
=UiWq
-----END PGP SIGNATURE-----

<don@cs.byu.edu>
fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed. Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *
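Added example, not part of the original message and not code from brutessl or the key-search server: one way to hand out sequential segments within shuffled blocks is to cut the segment space into contiguous blocks and shuffle only the block order with a CSPRNG. The 16-bit segment space, the class name and the helper names are assumptions; the block size of 40 is taken from the message above.

```python
import secrets

SEGMENTS = 0x10000   # assumed 16-bit segment space (0x1bad fits in it)
BLOCK_SIZE = 40      # block size mentioned in the message


class ShuffledBlockAllocator:
    """Issue blocks of contiguous segments in an unpredictable order."""

    def __init__(self, total=SEGMENTS, block_size=BLOCK_SIZE, rng=None):
        if total <= 0 or block_size <= 0:
            raise ValueError("total and block_size must be positive")
        self.block_size = block_size
        # Each entry is (first_segment, count); the final block may be short.
        self._pending = [(s, min(block_size, total - s))
                         for s in range(0, total, block_size)]
        # OS CSPRNG by default, so a client cannot predict the issue order.
        (rng or secrets.SystemRandom()).shuffle(self._pending)
        self.issued = {}  # first_segment -> client id, for later auditing

    def next_block(self, client_id):
        """Return (first_segment, count), or None when nothing is left."""
        if not self._pending:
            return None
        block = self._pending.pop()
        self.issued[block[0]] = client_id
        return block

    def holder_of(self, segment):
        """Client that was issued the block containing segment, if any."""
        return self.issued.get(segment - segment % self.block_size)


def drain(alloc, client_id="client-a"):
    """Request blocks until the allocator is empty; return them in order."""
    blocks = []
    while (b := alloc.next_block(client_id)) is not None:
        blocks.append(b)
    return blocks
```

A client still searches each block sequentially, but a requester can only learn which block it got after the fact; smaller blocks narrow what one request can cover at the cost of more round trips.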