Widgets for Webmasters
Posted by Dancho Danchev @ 9:25 am The short answer is being paranoid about tackling a known vulnerability. It’s 2001, and Daniel J. Bernstein (DJB), author of the then popular djbdns security-aware DNS implementation, is applying basic math principles to raise awareness on what’s to turn into the “sky is falling” critical Internet vulnerability in 2008, in an email on the unix.bind-users newsgroup : “I said “cryptographic randomization.” The output of random() is not cryptographically secure. In fact, it is quite easily predictable. This is a standard exercise in first-semester cryptography courses. Randomizing the port number makes a huge difference in the cost of a forgery for blind attackers—i.e., most attackers on the Internet. It’s funny that the BIND company has gone to so much effort to move from the first line to the... [read full story]
