Autor: David Wilson Data: A: Ian A B Eiloart CC: Exim Users List Assumpte: Re: [Exim] Yahoo DomainKeys...
On Wed, May 19, 2004 at 11:54:12AM +0100, Ian A B Eiloart wrote:
> >I had a closer look at it this morning. I assume spammers will be
> >able to factorize RSA384 in less than a week. (Let's assume 1000 MIPS
> >years being necessary, a modern PC CPU does about 8000 MIPS, 20 PCs
> >-- this is today and a rather conservative calculation). This would
> >require daily rekeying, which is impracticle. > Of course, if they just go out and hijack a couple of thousand third party
> PCs, they should be able to do this in minutes.
I think a fairly major point could be added to the topic of all these
hijacked computers - if a spammer has access to a few thousand client
PCs, operating through a "next generation" Internet worm, what is to
stop them from just sending their e-mail using any detected e-mail
accounts accessable using that client PC?
That wouldn't be difficult to do - even for webmail accounts accessed
via the computer. It completely bypasses DomainKeys (by operating
'legitimately' within it), and takes the battleground right back to
where we started.
David.
--
"One world, one web, one program" -- Microsoft promotional advert.
"Ein Volk, ein Reich, ein Fuehrer" -- Adolf Hitler.