WebApp Sec mailing list archives
Re: Using SSL private key for cookie's HMAC
From: Peter Conrad <conrad () tivano de>
Date: Tue, 7 Sep 2004 09:37:38 +0200
Hi, On Mon, Sep 06, 2004 at 05:25:35PM -1000, Jason Coombs PivX Solutions wrote:
Peter Conrad wrote:erm... factoring is better than brute force, isn't it?Which is more difficult, to factor n quickly when you find out what it is, or to locate n in your precomputed product-of-all-primes dictionary?
the lookup, of course. However, that doesn't mean that any sensible attacker would use that approach, because - it's completely impractical (even more impractical than factorization, for reasonably large n) - the precomputation cost only amortizes if you want to break *many* RSA keys, which was not the original question in this thread.
If you're going to break codes, you may as well break them all at once to conserve energy, and then publish the lookup table for all to see.
Except that nobody could actually see it, because the required disk array would collapse into a massive black hole. ;-) Bye, Peter -- Peter Conrad Tel: +49 6102 / 80 99 072 [ t]ivano Software GmbH Fax: +49 6102 / 80 99 071 Bahnhofstr. 18 http://www.tivano.de/ 63263 Neu-Isenburg Germany
Current thread:
- Using SSL private key for cookie's HMAC Simon Zuckerbraun (Aug 27)
- Re: Using SSL private key for cookie's HMAC Andrew Steingruebl (Sep 05)
- Re: Using SSL private key for cookie's HMAC Jeff Williams (Sep 05)
- Re: Using SSL private key for cookie's HMAC Adam Shostack (Sep 05)
- <Possible follow-ups>
- Re: Using SSL private key for cookie's HMAC Jason Coombs PivX Solutions (Sep 05)
- Re: Using SSL private key for cookie's HMAC Peter Conrad (Sep 06)
- Re: Using SSL private key for cookie's HMAC Jason Coombs PivX Solutions (Sep 07)
- Re: Using SSL private key for cookie's HMAC Peter Conrad (Sep 07)
- Webserver problems John Fisher (Sep 09)
- RE: Webserver problems Dinis Cruz (Sep 10)
- Re: Webserver problems Mike Kalinovich (Sep 11)
- Re: Using SSL private key for cookie's HMAC Peter Conrad (Sep 06)