Wireshark-dev: Re: [Wireshark-dev] performing cpu/time intensive computation in a protocol diss
On Tue, Aug 05, 2008 at 02:22:58PM +0200, Paolo Abeni wrote:
> hello,
>
> In a pending patch for the SSL dissector:
>
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2725
> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2029
>
> it's implemented the attack to CVE 2008 0166. This is basically a brute
> force against a relative small set of candidate private keys for the SSL
> session.
Although not an answer to your question, I personally object to the
idea of putting brute force code into Wireshark. Wireshark has a good
reputation as a network analysis tool. Which of course means it can be
used for less honest purposes as well, but putting code in to deliberately
break security based on a weakness in the protocol crosses the line
for me. This would put Wireshark in a whole different set of tools
which might not do it good...
I personally vote against inclusing of this code into the source
tree. How do others feel about the inclussion of this code?
Cheers,
Sake