Kaminsky's DNS hack

[fanf]

beezari posted a copy of the leaked Matasano explanation of Kaminsky's new DNS attack. I believe the explanation isn't quite right. In his interview in the WIRED Threat Level blog Kaminsky mentions that the attack relies on CNAMEs. This means that it does not depend on glue nor on additional section processing, which is what Matasano described. I believe the real explanation is...

$ md5 <~/doc/kaminsky
ef96f2d9e973a36e825793ddeff48ae5

Comments

[gerald_duck]

The problem, as I've noted before, is that nobody's going to take a copy of that md5sum and you can easily edit your posting later. :-p

(The other problem is that md5 is no longer strong enough for this kind of thing.)

[ex-robhu.livejournal.com]

Also, a blackhat probably poisoned your DNS server so you're not really viewing fanf's LJ ;-)

[simont]

ef96f2d9e973a36e825793ddeff48ae5

fanf might be able to edit his LJ post, but he can't edit my comment. And if you reply to this comment, then I won't be able to edit it either (just in case you're worried we might be colluding).

[gerald_duck]

Well, LJ annotates comments that get edited anyway.

On the other hand, if he deleted the comments, who would miss them? More useful to me is that I've now been e-mailed a copy of your reply to my comment. (-8