Nmap Development mailing list archives
Re: [nmap-svn] r21714 - nmap/todo
From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Wed, 12 Jan 2011 18:53:27 +0100
Hi,

On 01/12/2011 07:48 AM, commit-mailer () insecure org wrote:
+o If Nping is compiled w/o SSL support, and the user specifies an + encryption key, it should fail and insist they use --no-crypto + rather than ignoring the key and omitting crypto. Otherwise the + user might think they're getting encryption when they're not. David + found this problem in the server, and we also should check how the + client behaves.
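Review bot: the last sentence of the entry ("we also should check how the client behaves") leaves the expected client behaviour unstated. Say explicitly that the client, like the server, should exit with an error when a key is given without SSL support unless --no-crypto is passed, so the item has a concrete completion criterion for both sides.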
That makes sense. I can solve this easily but first I want your opinion on something. When users specify "--echo-client/server <passphrase>" the passphrase is a mandatory argument. Users can, however, specify a NULL passphrase running:

    nping --echo-client "" echo.nmap.org

The passphrase being NULL does not mean that crypto is not used; only that the encryption key is derived from a bunch of zeroes.

So you may be wondering, if passphrases can be NULL why is the parameter mandatory? Why don't we make it optional and allow users to simply pass "--echo-client"? Well, the reason why I chose to make it mandatory is because otherwise, the target host would have to be supplied before the "--echo-client" flag, which seems a bit counter-intuitive to me. If I make the argument optional, the argument parser will consider the "echo.nmap.org" in the following example, as the passphrase, not as a hostname, and will complain about a missing target server.

    nping --echo-client echo.nmap.org

So the thing is that if Nping is compiled without OpenSSL and we make users pass "--no-crypto", they still need to supply a passphrase, which is also a bit counter-intuitive.

    nping --echo-client "unused_passphrase" echo.nmap.org --no-crypto

So, what do we do? We could:

1. Make the passphrase an optional parameter and make users supply the hostname before "--echo-client" or "--echo-server".
2. Leave it as a mandatory parameter and just warn the user if "--no-crypto" was not supplied and there is no OpenSSL.
3. ??

I'd go for number 2 because passing a passphrase is what users should normally do, but I'm open to other opinions. What do you think?

Luis.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
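An added example, not part of the original message and not Nping's own code: the fail-closed check the todo entry asks for, together with the mandatory-passphrase parsing described in the message. The function, enum and `have_openssl` flag are hypothetical names; only `--echo-client` and `--no-crypto` come from the message.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; only the two flags come from the message. */
enum echo_result { ECHO_ENCRYPTED, ECHO_PLAINTEXT, ECHO_ERR_USAGE, ECHO_ERR_NO_SSL };

/* Validate: --echo-client <passphrase> <target> [--no-crypto]
 * args excludes the program name; have_openssl models the build option. */
enum echo_result echo_check(int argc, const char **args, int have_openssl)
{
    const char *passphrase = NULL, *target = NULL;
    int no_crypto = 0;

    for (int i = 0; i < argc; i++) {
        if (strcmp(args[i], "--echo-client") == 0) {
            /* Mandatory argument: the next token is always the passphrase,
             * even if it is "" or looks like a hostname. */
            if (i + 1 < argc)
                passphrase = args[++i];
        } else if (strcmp(args[i], "--no-crypto") == 0) {
            no_crypto = 1;
        } else if (target == NULL) {
            target = args[i];
        }
    }
    if (passphrase == NULL || target == NULL)
        return ECHO_ERR_USAGE;      /* missing passphrase or target */
    if (no_crypto)
        return ECHO_PLAINTEXT;      /* user explicitly opted out */
    if (!have_openssl)
        return ECHO_ERR_NO_SSL;     /* fail closed: never drop crypto silently */
    return ECHO_ENCRYPTED;          /* "" still yields a key, so still encrypted */
}

int main(void)
{
    /* Constructed command lines, following the forms shown in the message. */
    const char *a[] = { "--echo-client", "", "echo.nmap.org" };
    const char *b[] = { "--echo-client", "unused_passphrase", "echo.nmap.org", "--no-crypto" };
    const char *c[] = { "--echo-client", "echo.nmap.org" };
    printf("with SSL, empty passphrase: %d\n", echo_check(3, a, 1));
    printf("no SSL, no --no-crypto:     %d\n", echo_check(3, a, 0));
    printf("no SSL, --no-crypto:        %d\n", echo_check(4, b, 0));
    printf("passphrase omitted:         %d\n", echo_check(2, c, 1));
    return 0;
}
```

Option 2 in the message would replace the `ECHO_ERR_NO_SSL` return with a warning and a plaintext session; the check above instead refuses to start, as the todo entry requests.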