hello, In a pending patch for the SSL dissector:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2725 https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2029 it's implemented the attack to CVE 2008 0166. This is basically a brute force against a relative small set of candidate private keys for the SSL session. Even if the candidate keys set is relative small (32K), the whole attack may require some times (a few minutes) even on quite modern/powerful PCs. To address this issue a variation of said patch as been posted: https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2081 which expand the funnel API including calls to generate and manage a window with a progress bar. This calls are used into the dissector to show the attack progress and eventually to interrupt/cancel the attack itself. I would like to know if performing such CPU intensive computations in a dissector should be always avoided or, for some special situation like the said one, it can be accepted. Moreover I would like to know if some kind of user interaction while performing the dissection, like said progress window, is acceptable, at least in very special situations. Cheers, Paolo -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Scopri le tue passioni con Leonardo.it! * Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=7614&d=5-8 _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org https://wireshark.org/mailman/listinfo/wireshark-dev
