On 26. 11. 21 11:49, Vladimír Čunát wrote:
On 25/11/2021 13.00, Petr Špaček wrote:
IMHO in the context of NSEC3 the salt would make sense _only_ if it
were rotated faster than attacker was able to walk the zone. Once
attacker has list of hashes available for offline cracking the salt
does not do anything useful anymore.
I disagree; you don't need to rotate so fast. At a moment when a
particular salt won't be contained in future answers, there's no point
in creating a dictionary anymore as it's cheaper to crack the gathered
hashes individually. The only value of dictionary is (possibly)
speeding up attacks on names that will appear in future - and the only
value in re-salting is in making this technique more expensive.
Resalting interval is the period when a particular dictionary is useful,
so basically by halving the interval you double the price of this. [all
IMHO]
You are right right, I did not consider "crack names which do not exist
yet" scenario and focused only on dictionary reuse across zones.
Do you have specific proposals for draft text?
Also, when we are theorizing, we can also consider that resalting
thwarts simple correlation: After a resalt attacker cannot tell if a set
of names has changed or not. With a constant salt attacker can detect
new and removed names by their hash. (I'm not sure it is useful
information without cracking the hashes.)
--
Petr Špaček
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
