Nmap Development mailing list archives
Re: Uniquely identifying an Nmap install from NSE?
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 7 Aug 2009 22:36:46 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 07 Aug 2009 17:31:09 -0500 Ron <ron () skullsecurity net> wrote:
On 08/07/2009 05:19 PM, Brandon Enright wrote:What about stealing one from the conficker playbook and use the current week as a source of entropy. Something like svcname = hash(localip + localmac + remoteip + week) Still not much entropy but certainly raising the bar above just MAC. BrandonI don't think including the week or remoteip would make a considerable difference, since they're going to be known to the attacker. But hashing the localip and localmac together is a good idea, it'd create a significantly more difficult bruteforce. Ron
It further occurs to me that we don't need collision-free hash. In fact, if we hashed to say, 32 bits, then we'd almost certainly be collision free even with 300+ people banging on the same machine while at the same time, not providing enough uniqueness in the hash to actually brute force. That is, If you truncate a hash to 32 bits, as long as the domain of input greatly exceeds the domain of output then you can't be sure that you cracked to the actual original input of the hash. The question becomes, how many bits do we want? I think we should design for up to 100 people hitting the machine at the same time, with a less than 1% chance that there will be any collisions in the resulting hash. Anybody feel like popping this into the binomial theorem to compute what we should truncate to? Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) iEYEARECAAYFAkp8rIQACgkQqaGPzAsl94KmhQCeNSOeHTrvBln93haZsB6dmWe4 2aMAn1mhsqQuXH3L+n1cghwO7ns6pZIK =J4tj -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? jah (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? David Fifield (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Brandon Enright (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Brandon Enright (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Brandon Enright (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ben Rosenberg (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? jah (Aug 07)