Wireshark-dev: Re: [Wireshark-dev] performing cpu/time intensive computation in a protocol diss
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Wed, 06 Aug 2008 15:07:52 -0600
On Wed, 6 Aug 2008 11:17:12 +0200, Sake Blok <sake@xxxxxxxxxx> wrote:
> May I have your votes please? ;-)
> 
> 1) Don't include the code at all
> 2) Change the code to only identify the weak keys, but not use it
>    to decrypt the SSL traffic (would this also be CPU intensive?)
> 3) Add the code as is, including decryption of SSL traffic

I vote for 2.  As others have pointed out, brute-forcing decryption would
move Wireshark into an entirely different application category and limit
its use. However, it would be silly to reject the patch altogether since
this would be a great feature to have. (We could also use weak SSH key
detection, BTW).  I'd prefer to have weak key IDs added to the tree
along with an expert item, but no automatic decryption.

Of course, once you identify a weak key there's nothing stopping you from
using Lua or an external script to build a corresponding ssl.keys_list
preference line. :)