Vulnerability Development mailing list archives
Re: reverse engineer c or java
From: 11a () GMX NET (Bluefish)
Date: Tue, 23 May 2000 16:16:27 +0200
This question is for clarity for not only myself but all other subscribers to this list. So, you are saying, that if you understand the source code for great programs like SSH/SSL you can create in 5 min a working attack against these protocols?
*NO, NO, NO* I've must have missunderstood you somehow, I thought you were on the topic of 'uncrackable' shareware. 'uncrackable' in the sense of that crackers will fail to make keygenerators or similar things to overcome dateexpires and similar things often perfomed by software pirates. Sounds like there's a mayor missunderstanding of what you ment from my side.
when I say 'show me the Proof Of Concept'. Not to mention your resoning behind the nonchalant attitude of changing the meaning of the word 'uncrackable'... I may just be a 21 year old kid but when someone says
This thread was originally about reverse engineering, and how to stop people from doing so. 'uncrackable' in the that sense. Not the best use of term perhaps, but then again I don't often use the term "crack" together with deciphering.
then this isnt an issue. Besides, if the attacker has admin access why would he need to backdoor a client =/
That's obviously dependent upon situation and software. Perhaps the attacker wishes to do his crime and get out fast to escape notice?
True, it would still be possible to duplicate the authentic client's responses by reverse-engineering the application, but at least it now is a
...
This isn't as simple as you make it sound. You cant guess a correct 128bit key generated at random under certain environmental conditions just by reverse engineering a program's code. If that was actually possible the entire SSH project would be compromised.
I was *not* talking about SSH. I was talking about distributed.net. SSH relies upon securing communication between point A and B, and then let A and B do old fashioned password authentication (or RSA authentication by user's public keys in homedirectories). Distributed.net has the problem that it offers public access, where as SSH only offers access to trusted users.
Grab a book from your local library/University on random number generation and advanced mathematics.
Although you seem to have gotten the impression that I'm a complete idiot, I'm not (or so I hope ;) ... Most of your email is the result of missunderstanding my previous post. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- Re: reverse engineer c or java, (continued)
- Re: reverse engineer c or java za () boo ma fu (May 20)
- Outlook, HTML & VBS Joerg Weber (May 21)
- Re: reverse engineer c or java Bluefish (May 21)
- Re: reverse engineer c or java Gordon Messmer (May 21)
- Re: reverse engineer c or java pantera () BALANCEPOINTGOLF COM (May 21)
- Re: reverse engineer c or java Crispin Cowan (May 21)
- Re: reverse engineer c or java Erik Debill (May 22)
- Re: reverse engineer c or java za () boo ma fu (May 21)
- Re: reverse engineer c or java Bluefish (May 22)
- Re: reverse engineer c or java za () boo ma fu (May 22)
- Re: reverse engineer c or java Bluefish (May 23)
- Re: reverse engineer c or java Mark Rafn (May 20)
- Re: reverse engineer c or java Pedro Hugo (May 20)
- Re: reverse engineer c or java phazer (May 20)
- Re: reverse engineer c or java Warner Losh (May 21)
- Re: reverse engineer c or java Liviu Daia (May 22)
- String checking with PHP Arturo Busleiman (May 24)
- Re: String checking with PHP Joe (May 24)
- Re: String checking with PHP Arturo Busleiman (May 24)
- Why not a changeling? Daniel Petzen (May 20)
- Re: Why not a changeling? Bluefish (May 20)