25th October 2011
J65nko
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,505
New denial of service tool knocks out encrypting servers


A group calling itself The Hacker's Choice (THC) has released a tool that enables a single computer to disable an encrypting server. The concept used by the tool is based on forcing the server to renegotiate the key used for encryption.

Encrypting and decrypting payload data for services such as https is not particularly resource-hungry. Where an https connection gets really resource-intensive is in establishing the SSL connection, which involves key negotiation. This is, in part, because data encryption is carried out using highly efficient symmetric algorithms such as AES. To negotiate the AES session key, however, SSL needs to use resource-intensive asymmetric algorithms such as RSA. This is due both to the specific mathematical process involved and the key length required – AES, for example, requires 128 or 256 bits, whereas RSA requires 1024 or even 2048 bit keys.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
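As an added example (not part of the original post or the quoted article): because the attack described above depends on forcing repeated key renegotiation, a server-side monitor can count handshakes per connection in a sliding time window and flag connections that exceed a threshold. The event tuples, the thresholds and the names `RenegotiationMonitor` and `flagged_connections` are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (timestamp in seconds, connection id, event kind).
# Addresses come from the documentation ranges; none of this is real traffic.
SAMPLE_EVENTS = [
    (0.0, "192.0.2.10:40001", "handshake"),     # normal client, initial handshake
    (300.0, "192.0.2.10:40001", "handshake"),   # one legitimate renegotiation
    (1.0, "198.51.100.7:51000", "handshake"),   # initial handshake
    (1.1, "198.51.100.7:51000", "handshake"),   # rapid renegotiations follow
    (1.2, "198.51.100.7:51000", "handshake"),
    (1.3, "198.51.100.7:51000", "handshake"),
    (1.4, "198.51.100.7:51000", "handshake"),
    (0.0, "192.0.2.20:40002", "handshake"),     # slow, spread-out renegotiations
    (20.0, "192.0.2.20:40002", "handshake"),
    (40.0, "192.0.2.20:40002", "handshake"),
    (60.0, "192.0.2.20:40002", "close"),
]


class RenegotiationMonitor:
    """Sliding-window counter of handshakes seen on each connection."""

    def __init__(self, max_handshakes=3, window=10.0):
        self.max_handshakes = max_handshakes  # allowed handshakes per window
        self.window = window                  # window length in seconds
        self._seen = defaultdict(deque)       # connection id -> handshake times

    def observe(self, ts, conn_id):
        """Record a handshake; return True if the connection exceeds the limit."""
        times = self._seen[conn_id]
        times.append(ts)
        while times and ts - times[0] > self.window:
            times.popleft()                   # forget handshakes outside the window
        return len(times) > self.max_handshakes

    def close(self, conn_id):
        """Drop state for a closed connection so memory use stays bounded."""
        self._seen.pop(conn_id, None)


def flagged_connections(events, max_handshakes=3, window=10.0):
    """Return connection ids, in order of detection, that exceeded the limit."""
    monitor = RenegotiationMonitor(max_handshakes, window)
    flagged = []
    for ts, conn_id, kind in sorted(events):
        if kind == "close":
            monitor.close(conn_id)
        elif kind == "handshake" and monitor.observe(ts, conn_id):
            if conn_id not in flagged:
                flagged.append(conn_id)
    return flagged
```
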