Packet Signatures

• Someone demo’d “session hijacking”

• Somewhat unfairly, Netware got lots of bad press for that

• Solution was “packet signature”

• Client and sever compute h(R, x, constant), and use that as a “session key”

• The “signature” is like a checksum, but it depends on the beginning of the packet and the session key, so without knowing the session key you can’t hijack the session

Previous slide

Next slide

Back to first slide

View graphic version