Dumb mode question

Paul Crowley paul at ciphergoth.org
Wed Jul 6 10:17:54 PDT 2005

meepbear * wrote:
> I was finishing up my server when I started wondering whether the 
> assoc_handle from 'regular' mode and the one from 'dumb' mode shouldn't 
> be completely unrelated?

I can't see any reason this attack wouldn't work.  I must have been in 
dumb mode when I failed to spot this flaw.

I've just been to a lecture about this tool, I'll see if I can use it on 
OpenID: http://www.avista-project.org/
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/

More information about the yadis mailing list