[ntp:hackers] Protocol specification modification for MS-SNTP

David Mills mills at udel.edu
Tue Jul 7 21:23:44 UTC 2009


Andrew,

It doesn't make sense to "retry" a signature. However, unless there is a 
trapdoor somewhere, it is conceivable that a computed  all-zero digest 
would be a legitmate and acceptable at the receiver. However, on the 
hazard a terrorist might try to flood the sign daemon with bogus 
digests, instead of 128 bits of sissy zeros, why not the first 128 bits 
of pi? A teenage hacker might not know how to generate that string.

What I would worry about is a terrorist tossing zero digest packets with 
randomly chosen key ID at speed. Like a SYN-flood attack, sooner or 
later he will get lucky.

Dave

Andrew Bartlett wrote:

>On Mon, 2009-07-06 at 22:13 +0000, Dave Hart wrote:
>
>  
>
>>It would be preferable to me if we can manage to support both Autokey
>>and Samba signing at the same time.  I think the only concession
>>needed is breaking every 2^128th autokey and MD5 signature where the
>>hash happens to be all zeroes.  
>>    
>>
>
>Aren't the odds that the universe would die a heat-death before this
>occurs?  
>
>  
>
>>With care, even that should be
>>avoidable if we treat a correctly-validated all-zeroes signature
>>differently from one where our computed digest differs.
>>    
>>
>
>I suppose the real question is: will the autokey client retry with a
>different signature after a short time? 
>
>Andrew Bartlett
>
>  
>



More information about the hackers mailing list