Re: [Exim] Yahoo DomainKeys...

On Wed, May 19, 2004 at 11:54:12AM +0100, Ian A B Eiloart wrote:

> >I had a closer look at it this morning. I assume spammers will be
> >able to factorize RSA384 in less than a week. (Let's assume 1000 MIPS
> >years being necessary, a modern PC CPU does about 8000 MIPS, 20 PCs
> >-- this is today and a rather conservative calculation). This would
> >require daily rekeying, which is impracticle.

> Of course, if they just go out and hijack a couple of thousand third party
> PCs, they should be able to do this in minutes.

I think a fairly major point could be added to the topic of all these
hijacked computers - if a spammer has access to a few thousand client
PCs, operating through a "next generation" Internet worm, what is to
stop them from just sending their e-mail using any detected e-mail
accounts accessable using that client PC?

That wouldn't be difficult to do - even for webmail accounts accessed
via the computer. It completely bypasses DomainKeys (by operating
'legitimately' within it), and takes the battleground right back to
where we started.


David.

--
"One world, one web, one program" -- Microsoft promotional advert.
"Ein Volk, ein Reich, ein Fuehrer" -- Adolf Hitler.