Paul said:
A fine piece of work. The ideas expressed in this paper should scare the hell out of everyone who uses NFS for any serious applications, which for a fact includes most banks and all investment banks and brokage houses. In this particular area I KNOW what is at risk. Again, I congratulate the authors on a first-class effort.
I agree, it's a good job of publicizing these holes, but (not to take anything away from these guys, I'm sure they know this), these are not newly found holes. These attacks on NFS have been known and exploited for years and are well known within the security community. What if all NFS traffic was encrypted via a shared key distributed via Diffie-Hellman? Know that would REALLY be secure NFS;) (I know, I know, DH doesn't do secure authentication, so how does Alice know that she didn't just agree to a secret with our Mr Bucket Brigade Mallet!) Patrick _______________________________________________________________________ / These opinions are mine, and not Verity's (except by coincidence;). \ | (\ | | Patrick J. Horgan Verity Inc. \\ Have | | patrick@verity.com 1550 Plymouth Street \\ _ Sword | | Phone : (415)960-7600 Mountain View \\/ Will | | FAX : (415)960-7750 California 94303 _/\\ Travel | \___________________________________________________________\)__________/