Re: [Full-Disclosure] Time Expiry Alogorithm??

• Previous message: Harry Hoffman: "Re: [Full-Disclosure] Why is IRC still around?"
• Maybe in reply to: Gautam R. Singh: "[Full-Disclosure] Time Expiry Alogorithm??"
• Next in thread: Florian Weimer: "Re: [Full-Disclosure] Time Expiry Alogorithm??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: full-disclosure@lists.netsys.com
Date: Sat, 20 Nov 2004 16:45:07 +0530

Thanks list for the good discussion, now I going back to read crypto basics :)

Thanks & regards,
Gautam

> Yo Gautum!
>
> On Fri, 19 Nov 2004, Gautam R. Singh wrote:
>
> > I was just wondering is there any encrytpion alogortim which expires wit
> > h time.
>
> IPSec, kerboros, etc. all use time as part of the auto-generated session
> key to prevent playback attacks.
>
> If a black hat has an intercepted message he wants to decode then he can
> set his clock to anything he wants to. Time is no help there, except
> to expand the key search space if they are looking for an unknown key.
> If they have the key already nothing you can do if they can reset their
> clock.
>
> All that time gets you is protection from replays.
>
> RGDS
> GARY
 

-- 
Gautam R. Singh
[MCP, CCNA, CSPFA, SA1 Unemployed] pgp:
http://gautam.techwhack.com/key/ | ymsgr: er-333 | msn: ro0_@hotmail
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Harry Hoffman: "Re: [Full-Disclosure] Why is IRC still around?"
• Maybe in reply to: Gautam R. Singh: "[Full-Disclosure] Time Expiry Alogorithm??"
• Next in thread: Florian Weimer: "Re: [Full-Disclosure] Time Expiry Alogorithm??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]