Dailydave mailing list archives

Re: Some Sums

From: Ari Takanen <ari.takanen () codenomicon com>
Date: Thu, 8 Feb 2007 07:18:27 +0200

Hmmm, distantly related to this: Maybe us fuzzer developers should
save hashes of some millions of attacks somewhere also, so that we can
prove our tools were used to find the flaws in the first
place... Looking at past iDefence disclosures for example, I am
beginning to doubt that they reward for publishing flaws instead of
finding flaws (this is like patent system in Europe which rewards
first to file, not first to invent)... More and more flaws are found
using tools, and pre-packaged attacks. If a flaw is found using a
product like Codenomicon/PROTOS or CANVAS, I supposed the reward
should also be paid to the tool developer and not the tool user. ;)

Tongue-in-the-cheek-greetings,

/Ari

Date: Wed, 7 Feb 2007 02:11:16 -0500 (EST)
From: "Steven M. Christey" <coley () mitre org>
Subject: Re: [Dailydave] Some Sums
To: dailydave () lists immunitysec com
Message-ID: <200702070711.l177BGJw026300 () faron mitre org>

  I take it that's going to be the hash of some file or other data
  you're > going to produce for someone at sometime in the future?
  Couldn't you just > have used a ZK protocol and left us all out of
  it? ;-) If you're going to use > our inboxes as substitutes for
  escrow/notarisation centres, you could perhaps > tell us just a
  little bit more about what you're doing!


MD5/SHA-1 crackability issues aside*, the next question that
immediately comes to mind is why there isn't a central place for
researchers to do exactly this - make a claim about knowledge that's
provably fixed in a certain place and time.  Oh, wait, we're all
individuals and we don't need anybody else.  There's no need to
organize in any way, shape, or form.  After all, when Ilfak posted
that third-party patch, ABSOLUTELY EVERYBODY knew who he was and
immediately trusted him, so why not Halvar?  Sorry, I forgot about the
outside world for a second.


Snarkily and respectfully,
Steve


* crypto is my kryptonite, I defer to the geniuses.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Re: Some Sums Steven M. Christey (Feb 07)
- <Possible follow-ups>
- Re: Some Sums Ari Takanen (Feb 08)
  - Re: Some Sums Dave Aitel (Feb 08)
  - Re: Some Sums Olef Anderson (Feb 08)
- Re: Some Sums Ari Takanen (Feb 11)
  - Re: Some Sums Thomas Ptacek (Feb 11)
    - Re: Some Sums Roland Dobbins (Feb 11)
    - Re: Some Sums Paul Melson (Feb 12)
  - Re: Some Sums Olef Anderson (Feb 13)
- Re: Some Sums Steven M. Christey (Feb 12)
  - Re: Some Sums Jared DeMott (Feb 12)