Wireshark-dev: [Wireshark-dev] performing cpu/time intensive computation in a protocol dissector



From: Paolo Abeni <paolo.abeni@xxxxxxxx>
Date: Tue, 05 Aug 2008 14:22:58 +0200

Hello,

In a pending patch for the SSL dissector: 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2725
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2029

the attack on CVE 2008 0166 is implemented. This is basically a brute
force against a relatively small set of candidate private keys for the SSL
session.

Even if the candidate key set is relatively small (32K), the whole attack
may require some time (a few minutes) even on quite modern/powerful
PCs. To address this issue a variation of said patch has been posted:

https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2081

which expands the funnel API, including calls to generate and manage a
window with a progress bar. These calls are used in the dissector to
show the attack progress and eventually to interrupt/cancel the attack
itself.

I would like to know if performing such CPU intensive computations in a
dissector should always be avoided or, for some special situations like
the said one, can be accepted.

Moreover I would like to know if some kind of user interaction while
performing the dissection, like said progress window, is acceptable, at
least in very special situations.

Cheers,

Paolo


 
 