Nmap Development mailing list archives
Re: Uniquely identifying an Nmap install from NSE?
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 7 Aug 2009 22:51:17 +0000
On Fri, 07 Aug 2009 17:39:25 -0500 Ron <ron () skullsecurity net> wrote:

> On 08/07/2009 05:36 PM, Brandon Enright wrote:
>
>> It further occurs to me that we don't need a collision-free hash. In fact, if we hashed to, say, 32 bits, then we'd almost certainly be collision free even with 300+ people banging on the same machine while at the same time not providing enough uniqueness in the hash to actually brute force. That is, if you truncate a hash to 32 bits, as long as the domain of input greatly exceeds the domain of output then you can't be sure that you cracked to the actual original input of the hash.
>>
>> The question becomes, how many bits do we want? I think we should design for up to 100 people hitting the machine at the same time, with a less than 1% chance that there will be any collisions in the resulting hash. Anybody feel like popping this into the binomial theorem to compute what we should truncate to?
>>
>> Brandon
>
> That's a good point. Another thing to consider: not everybody has SSL support, so using a hash I can implement inline would be nice. I'm thinking like, CRC32 level.

You could code up RC4 in Lua in very few lines of code. Just use the "hash input" as the RC4 key, throw away 1 kB of output, and then read N bits from the generator.

BTW, the answer for 100 people at 1% probability is 19 bits. That is:

    people to exceed 1% = sqrt(2 * 2^bits * ln(1/(1-.01)))

is nicely 102 at 19 bits. If we used 20 bits in the hash then 145 people could use the machine at once with a 1% chance of collision.

We just need to find more than 19-20 bits of entropy for input to the hash (preferably like 30 bits) to make brute forcing moot.

Brandon
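The birthday-bound arithmetic from Brandon's reply, worked through as an added Python example (not code from the thread or from Nmap). SHA-1 from hashlib stands in for the RC4-based hash he proposes, the exact collision probability is included for comparison with his approximation, and the install identifiers are constructed sample data:

```python
import hashlib
import math


def max_users(bits, p_collision):
    """Birthday-bound estimate from the thread: how many simultaneous users a
    2^bits hash space supports with at most p_collision chance of any collision."""
    return math.sqrt(2 * 2 ** bits * math.log(1 / (1 - p_collision)))


def bits_needed(users, p_collision):
    """Smallest truncation width (in bits) that keeps `users` simultaneous
    users under the p_collision budget according to max_users()."""
    bits = 1
    while max_users(bits, p_collision) < users:
        bits += 1
    return bits


def exact_collision_probability(bits, users):
    """Exact birthday probability, 1 - prod_{i=0}^{users-1} (1 - i / 2^bits),
    to check how close the square-root approximation gets."""
    space = 2 ** bits
    no_collision = 1.0
    for i in range(users):
        no_collision *= 1.0 - i / space
    return 1.0 - no_collision


def truncated_hash(data, bits):
    """Hash `data` and keep only the low `bits` bits. SHA-1 is a stand-in for
    whatever hash NSE ends up with; the truncation is the point here."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest & ((1 << bits) - 1)


def count_collisions(inputs, bits):
    """Number of inputs whose truncated hash equals an earlier input's."""
    seen = set()
    collisions = 0
    for item in inputs:
        h = truncated_hash(item, bits)
        if h in seen:
            collisions += 1
        seen.add(h)
    return collisions


if __name__ == "__main__":
    for bits in (19, 20, 32):
        print(bits, "bits:", int(max_users(bits, 0.01)), "users at 1% collision risk")
    # Constructed sample: 100 distinct install identifiers (not real data).
    sample = [f"install-{i:04d}".encode() for i in range(100)]
    print("collisions among 100 installs at 19 bits:", count_collisions(sample, 19))
```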