Vulnerability Development mailing list archives
Re: stackguard-like embedded protection
From: antirez <antirez () linuxcare com>
Date: Thu, 14 Sep 2000 01:41:57 +0200
On Wed, Sep 13, 2000 at 10:21:29PM +0200, Bluefish (P.Magnusson) wrote:
linux i386. I'm wondering why the usage of "int". Perhaps it's good enough for academic papers... But... Better to make things right from the start.
Yes, int is not a good word talking about "portable" stack protection... If int is 32bit, than it may be a compromise between performance and security. 2^32 is a quite large number: it probably saves you if the brute force is for a remote bug. To spoof a 32bit number requires a big time in the middle case. For example if you can try to exploit the program (assuming it back on-line after the first test) testing 10 numbers for second it takes 6 years in the middle case, that is a lot of time in an active attack (we are not talking about cryptography, in which I take the ciphertext and try in my cluster for a long time) Anyway I agree that 64bit is a number that kills the brute force ghost. A tester larger than 64bit is paranoia (i.e. how to throw away your CPU). antirez -- Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa +39.049.80 43 411 tel, +39.049.80 43 412 fax antirez () linuxcare com, http://www.linuxcare.com/ Linuxcare. Support for the revolution.
Current thread:
- Re: stackguard-like embedded protection, (continued)
- Re: stackguard-like embedded protection Michael Wojcik (Sep 06)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 07)
- Re: stackguard-like embedded protection typo (Sep 07)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 08)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 07)
- Re: stackguard-like embedded protection Michael Wojcik (Sep 06)
- Re: stackguard-like embedded protection Hiroaki Etoh (Sep 12)
- Re: stackguard-like embedded protection antirez (Sep 13)
- Re: stackguard-like embedded protection Hiroaki Etoh (Sep 13)
- Re: stackguard-like embedded protection antirez (Sep 13)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 13)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 13)
- Re: stackguard-like embedded protection antirez (Sep 13)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 16)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 16)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 17)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 18)
- The much popular t0rnkit. Masial (Sep 17)
- Re: The much popular t0rnkit. Neil Sequeira (Sep 19)
- Re: stackguard-like embedded protection antirez (Sep 13)