[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: Comments re ISC's announcement on bind9 security

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Comments re ISC's announcement on bind9 security
From: ntn@xxxxxxxxxxxxxxxx
Date: 1 Nov 2007 19:14:06 -0000

Given the extremely small amount of space for randomization (16-bit query ID's) 
does a cryptographically strong PRNG really make difference? Aside from 
stopping an easy prediction, doesn't it just generate a little extra work for a 
determined malicious individual?

Seems to be a moot point to me---whether the PRNG is  cryptographically weak or 
not because of the small sequence number space.

-ntn

Follow-Ups:
- Re: Comments re ISC's announcement on bind9 security
  - From: Theo de Raadt

Prev by Date: Two XSS on Blue Coat ProxySG Management Console
Next by Date: Re: Airkiosk/formlib application is XSS vuln
Previous by thread: Re: Comments re ISC's announcement on bind9 security
Next by thread: Re: Comments re ISC's announcement on bind9 security
Index(es):
- Date
- Thread