Well, one way is to brute iterate through every potential 256-bit string you dre... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		HappMacDonald on April 8, 2014 \| parent \| context \| favorite \| on: The Heartbleed Bug Well, one way is to brute iterate through every potential 256-bit string you dredge out of the canal against the known public key. If you can dredge up 64kB of fresh data every time, that's 511,744 tests per shovelful which is quite a bit to sift through from a performance perspective but it's also a trivially parallel task. Additionally, folk might know of even better ways to narrow that down. For example, the data representation in memory might have easy to grep for delimiters.

ibmthrowaway218 on April 8, 2014 [–]

65505 tests as I work it out as it's unlikely to be non-byte aligned:-

256 bits is 32 bytes

If you get 64kB of payload data back each time then it can only contain 65536-31=65505 different consecutive strings of 32 bytes.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact