Vulnerability Development mailing list archives
Re: BackOrifice == DDoS Server???
From: 11a () GMX NET (Bluefish)
Date: Sat, 1 Jul 2000 14:22:21 +0200
Would you also know if the encryption plugins for BO2K are also flawed? They come in various flavors.
Pine.GSO.4.05.9908021606360.4451-100000 () www securityfocus com">http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-1&msg=Pine.GSO.4.05.9908021606360.4451-100000 () www securityfocus com</A> Bugtraq on the subject. At least Bo2k plugins foor CAST-256 and IDEA has been suffering from this problem. Any other code derived from the flawed MD5 is obviously also vulnerable ;-) Although this group hardly is aimed for theoretical vulernabilities, how do you use MD5 to get 256 bits? (I assume CAST-256 to use 256 bit keys) I suspect that CAST-256 with a MD5-hack never recieves more than 128 bits of entropy. I most certainly don't trust people who deploy untested, flawed MD5's to come up with a secure way to derive more than 128 bits from it ... ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- Re: BackOrifice == DDoS Server??? Ex Machina (Jun 30)
- Re: BackOrifice == DDoS Server??? Bluefish (Jul 01)
- <Possible follow-ups>
- Re: BackOrifice == DDoS Server??? Ryan Permeh (Jun 30)
- Re: BackOrifice == DDoS Server??? Bluefish (Jul 01)
- Re: BackOrifice == DDoS Server??? Brooke, O'Neil (Jul 05)