[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Resistance to swamping attacks via Kim Tom's idea



> The receiver has only one MD5 computation to perform, and so he is able
> to check packets 2^k times more efficiently than an attacker can generate
> them.  

The attacker can pre-compute a million valid packets and send them
cyclically.  To avoid verifying them all, the victim would have to
allot O(million) space.

Or even simpler: the attacker does zero MD5 computations and sends
packets which always (or usually) fail the test.  Now who is spending
more cycles?
_________________________________________________________
Matt Crawford          crawdad@fnal.gov          Fermilab
  PGP: D5 27 83 7A 25 25 7D FB  09 3C BA 33 71 C4 DA 6A