Wireshark-dev: [Wireshark-dev] performing cpu/time intensive computation in a protocol dissecto

From: Paolo Abeni <paolo.abeni@xxxxxxxx>
Date: Tue, 05 Aug 2008 14:22:58 +0200
hello,

In a pending patch for the SSL dissector: 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2725
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2029

the attack on CVE-2008-0166 is implemented. This is basically a brute
force against a relatively small set of candidate private keys for the SSL
session.

Even if the candidate key set is relatively small (32K), the whole attack
may require some time (a few minutes) even on quite modern/powerful
PCs. To address this issue a variation of said patch has been posted:

https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2081

which expands the funnel API, including calls to generate and manage a
window with a progress bar. These calls are used in the dissector to
show the attack progress and eventually to interrupt/cancel the attack
itself.

I would like to know if performing such CPU-intensive computations in a
dissector should always be avoided or if, for some special situations like
the said one, it can be accepted.

Moreover I would like to know if some kind of user interaction while
performing the dissection, like said progress window, is acceptable, at
least in very special situations.

Cheers,

Paolo
