A bold ssl idea ?
lyal collins
lyalc at ozemail.com.au
Sun Sep 3 04:45:46 PDT 1995
Having watched the discussions of recent of the SSL bruting, it occured to
me that a variation could also be useful.
I understand that setting up RC4 keys is slower that testing for the correct
key (I may have misuderstood this bit).
As a company using SSL can ahve all it's SSL traffic sniffed, from multiple
people accessing, a log can easily be built of message/keys.
Is it considered practical to modify the brutessl code to have multiple
message data, and test each against a key from allocated key space ?
If so, this may mean that perhaps 3 message can be tested against a single
in the time two single keys could be tested against one message.
An an attack scenario, this is a hell of a lot more "efficient" than current
trials have been. I realise this could also be considered a bit of target
for the main purpose of demonstrating weaknesses, and improving techiquess.
My thoughts, anyway - i hope they make sense.
lyal
More information about the cypherpunks-legacy
mailing list