RE: [NSE] SSL Fingerprint Matching

["Rob Nicholls" <robert () robnicholls co uk>]

The latest Debian SSL blacklist file at

https://launchpad.net/ubuntu/natty/+source/openssl-blacklist

appears to be 31.4MB at the moment using tar.gz (uncompressed, that takes up
72MB). Even if we keep it compressed, this is more than double the size of
Nmap's current Apple installer, and increases the Windows setup/source code
downloads by around 150%! If we distribute it uncompressed due to a lack of
compression libraries, you're looking at some major increases in bandwidth
(e.g. 91MB vs 19MB on Windows).

Rob

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of Mak Kolybabi
Sent: 06 January 2011 20:09
To: Toni Ruottu
Cc: nmap-dev; Arturo 'Buanzo' Busleiman
Subject: Re: [NSE] SSL Fingerprint Matching

On 2011-01-06 22:01, Toni Ruottu wrote:
> Nice work. Why are we worried about the fingerprint file size? Nmap 
> all ready ships with operating system detection and software version 
> identifying databases. How big do we expect the SSL fingerprint file to
become?

Depends on how much info we want to include with each fingerprint. Right
now, I've trimmed it down to the minimum of just saying where it came from
originally, removing all the model/manufacturer/version info.

The other thing that could make the file size balloon is including the
Debian SSL blacklist. I believe those are in the tens of megabytes.

--
Mak Kolybabi
<mak () kolybabi com>

() ASCII Ribbon Campaign | Against HTML e-mail /\  www.asciiribbon.org  |
Against proprietary extensions

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/