SecurityFocus

Re: Re: Comments re ISC's announcement on bind9 security Nov 01 2007 07:14PM
ntn networkontap com (1 replies)

Given the extremely small amount of space for randomization (16-bit query ID's) does a cryptographically strong PRNG really make difference? Aside from stopping an easy prediction, doesn't it just generate a little extra work for a determined malicious individual?

Seems to be a moot point to me---whether the PRNG is cryptographically weak or not because of the small sequence number space.

-ntn

[ reply ]

Re: Comments re ISC's announcement on bind9 security Nov 01 2007 07:51PM
Theo de Raadt (deraadt cvs openbsd org) (1 replies)

Re: Comments re ISC's announcement on bind9 security Nov 01 2007 08:50PM
Tim (tim-security sentinelchicken org) (1 replies)

Re: Comments re ISC's announcement on bind9 security Nov 02 2007 10:45AM
Shane Kerr (Shane_Kerr isc org) (1 replies)

Re: Comments re ISC's announcement on bind9 security Nov 02 2007 12:23PM
Tim (tim-security sentinelchicken org) (1 replies)

Re: Comments re ISC's announcement on bind9 security Nov 02 2007 02:57PM
Shane Kerr (Shane_Kerr isc org) (1 replies)

Re: Comments re ISC's announcement on bind9 security Nov 02 2007 04:01PM
Tim (tim-security sentinelchicken org)