Bugtraq mailing list archives
Re: Re: Comments re ISC's announcement on bind9 security
From: ntn () networkontap com
Date: 1 Nov 2007 19:14:06 -0000
Given the extremely small amount of space for randomization (16-bit query ID's) does a cryptographically strong PRNG really make difference? Aside from stopping an easy prediction, doesn't it just generate a little extra work for a determined malicious individual? Seems to be a moot point to me---whether the PRNG is cryptographically weak or not because of the small sequence number space. -ntn
Current thread:
- Re: Comments re ISC's announcement on bind9 security Henrik Langos (Nov 01)
- <Possible follow-ups>
- Re: Comments re ISC's announcement on bind9 security Network Protocol Security (Nov 01)
- Re: Re: Comments re ISC's announcement on bind9 security ntn (Nov 01)
- Re: Comments re ISC's announcement on bind9 security Theo de Raadt (Nov 01)
- Re: Comments re ISC's announcement on bind9 security Tim (Nov 01)
- Re: Comments re ISC's announcement on bind9 security Shane Kerr (Nov 02)
- Re: Comments re ISC's announcement on bind9 security Tim (Nov 02)
- Re: Comments re ISC's announcement on bind9 security Shane Kerr (Nov 02)
- Re: Comments re ISC's announcement on bind9 security Tim (Nov 05)
- Re: Comments re ISC's announcement on bind9 security Theo de Raadt (Nov 01)