[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bruce Schneier on IPsec
On Mon, Jan 24, 2000 at 02:39:29PM -0500, Sandy Harris wrote:
> "Michael H. Warfield" wrote:
> > On Thu, Jan 20, 2000 at 12:54:00PM -0500, Barney Wolff wrote:
> > > As long as we're responding to commentary, will some kind soul point out
> > > the convincing rebuttal to the vigorous assertion by the unperson (wjs)
> > > that IKE is subject to DoS attack. Surely there is one ...
> Failing that, how about a draft that includes a defense against it?
> > Similarly, can someone post a demonstration of said DoS attack?
> > I would like to examine it.
> The paper includes source code for at least one attack. It was posted
> to the linux-ipsec list and is in the archive at:
> http://www.sandelman.ottawa.on.ca/linux-ipsec/html/1999/06/msg00319.html
The code references a function, in 5 locations, I don't seem to
have, arc4random(). I presume that this has something to do with some ARC4
(alleged RC4) libraries? I also presume that this is just a "better"
random number generator, but I would hate to presume that I could just
substitute something else only to have things not work. There doesn't
seem to be an *rc4random type thing in the OpenSSL libraries I typically
use.
Any thoughts on "the missing piece", where I might find it, or
what I might substitute?
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
References: