|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI: possible DH-CHAP rationaleDavid, >That's correct, but I worry that it misses the forest for the trees. >The upshot of this rationale seems to be that it's a reasonable >security policy to not be worried about an attacker having one-at-a-time >access to iSCSI systems, even if the attack providing that access >can be replicated at will but to be sufficiently concerned about >password compromise that provides similar access to justify deploying >a very strong algorithm to prevent it. I don't agree with the "can be replicated at will" and "similar access" statements. It could be that the attacker had a one-time chance to attack (and anyway it depends also on the initiator's will to connect again). Obtaining the password does give a free ticket for that access and maybe more. Regards, Ofer Ofer Biran Storage and Systems Technology IBM Research Lab in Haifa biran@il.ibm.com 972-4-8296253
Home Last updated: Wed Apr 17 16:18:18 2002 9702 messages in chronological order |