[ntp:hackers] Protocol specification modification for MS-SNTP
mills at udel.edu
Tue Jul 7 21:23:44 UTC 2009
It doesn't make sense to "retry" a signature. However, unless there is a
trapdoor somewhere, it is conceivable that a computed all-zero digest
would be a legitmate and acceptable at the receiver. However, on the
hazard a terrorist might try to flood the sign daemon with bogus
digests, instead of 128 bits of sissy zeros, why not the first 128 bits
of pi? A teenage hacker might not know how to generate that string.
What I would worry about is a terrorist tossing zero digest packets with
randomly chosen key ID at speed. Like a SYN-flood attack, sooner or
later he will get lucky.
Andrew Bartlett wrote:
>On Mon, 2009-07-06 at 22:13 +0000, Dave Hart wrote:
>>It would be preferable to me if we can manage to support both Autokey
>>and Samba signing at the same time. I think the only concession
>>needed is breaking every 2^128th autokey and MD5 signature where the
>>hash happens to be all zeroes.
>Aren't the odds that the universe would die a heat-death before this
>>With care, even that should be
>>avoidable if we treat a correctly-validated all-zeroes signature
>>differently from one where our computed digest differs.
>I suppose the real question is: will the autokey client retry with a
>different signature after a short time?
More information about the hackers