Speaker
Mr
Matthäus Wander
(University of Duisburg-Essen)
Description
NSEC3 is a mechanism for authenticated denial of existence in DNSSEC-signed zones. To avoid zone enumeration, names are hashed with SHA-1 and only the resulting hash values are enumerable. In this talk, we present a GPU-based tool for NSEC3 hash breaking, written in OpenCL and Python. The tool can compute 1.8 billion NSEC3 iterations per second on a high-end gaming GPU (AMD Radeon HD 7970). We discuss hash breaking optimization attempts which are inspired by password cracking techniques. The results are meant to aid operators in deciding whether NSEC3 is a useful building block for their DNSSEC setup.
Primary author
Mr
Matthäus Wander
(University of Duisburg-Essen)
Co-author
Mr
Lorenz Schwittmann
(University of Duisburg-Essen)
