Wireshark-dev: Re: [Wireshark-dev] performing cpu/time intensive computation in a protocol dissector

From: Sake Blok <sake@xxxxxxxxxx>
Date: Tue, 5 Aug 2008 20:28:05 +0200

On Tue, Aug 05, 2008 at 02:22:58PM +0200, Paolo Abeni wrote:
> hello,
> 
> In a pending patch for the SSL dissector: 
> 
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2725
> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2029
> 
> it's implemented the attack to CVE 2008 0166. This is basically a brute
> force against a relatively small set of candidate private keys for the SSL
> session.

Although not an answer to your question, I personally object to the
idea of putting brute force code into Wireshark. Wireshark has a good
reputation as a network analysis tool. Which of course means it can be
used for less honest purposes as well, but putting code in to deliberately
break security based on a weakness in the protocol crosses the line
for me. This would put Wireshark in a whole different set of tools
which might not do it good...

I personally vote against inclusion of this code into the source
tree. How do others feel about the inclusion of this code?

Cheers,
    Sake
