Wireshark-dev: Re: [Wireshark-dev] performing cpu/time intensive computation in a protocol diss
From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 7 Aug 2008 13:30:25 +0200
On Thu, Aug 07, 2008 at 09:59:41AM +0100, Richard van der Hoff wrote:
> Paolo Abeni wrote:
> >> 2) Change the code to only identify the weak keys, but not use it
> >>    to decrypt the SSL traffic (would this also be CPU intensive?)
> > 
> > Yes. It will take near exactly the same amount of time and computation
> > since, in current code, the larger amount of time is spent looping on
> > candidate weak keys.
> 
> Right. I'd been labouring under the misunderstanding that you could 
> identify whether a key was weak without having to brute force it. Having 
> looked at Paolo's patch a bit more, I now see that isn't true.

Same here...


> This certainly shouldn't be enabled by default - I don't want my 
> wireshark to spend ages attempting to brute-force keys every time I 
> happen to pick up a bit of SSL traffic.

As Wireshark is a "Network Protocol Analyzer" and not a "Vulnerability
Scanning Tool", I would prefer not to waste cycles on identifying
weak ciphers either...

 
> You could leave the code in there, and have an 'identify weak keys' menu 
> option.
> 
> But at present I'm changing my vote to 1) Don't include the code at all.

All considering, I vote for 1) as well.

Cheers,
    Sake