[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Plan C (was Re: Plan B for fixing 5.8.2 binary API)

On Tue, Oct 14, 2003 at 01:37:43PM -0700, Yitzchak Scott-Thoennes wrote:

> I don't know if that's good enough.  I didn't read the exploit paper,
> but wouldn't they just have to have N+1 random keys before the N evil
> keys to defeat your check?  It would make the attack only twice as much
> data (or even much less, since the random keys could be shorter.)

Not sure. The criteria to change strategy is all in 1 if statement.
(Currently the strategy change is to croak with "Awooga")

> Good out-of-the-box thinking, though.

Is that a compliment or an insult? :-)

The idea was inspired by introspective sort, which someone mentioned on
p5p a while back.

Nicholas Clark

Reply to: