 I got plenty of questions or answers to, but so that plug-in, does it check Diffie Hellman or anything like that? Like any of the plug-ins that you could develop for the web browser, like there are components that you can check that aren't the certificate, essentially, and so I'm curious about I have 1,499 cash certificates from banks in the United States that had weak keys and around the world and stuff, because I did talk on this at Aggres on Planet Earth, and we wanted to find out if it was possible to get around that. So like you can have the certificate for the bank, for example, and that plug-in will block it, but what are the other things that are more universal that don't have to do with the certificates in SSL? I mean, you should know you wrote the Wireshark plug-in, so I'm curious, like... Javier, can you translate me this? Sorry, that might be a slight kind of... By translate, I mean, in Spanish. I listen to him, I can't understand him, but I listen to him. I know the Spanish speaker who wants to explain this. I think he's asking if you can blacklist, for example, the components of the Diffie-Hellman protocol. No, you can't. Yeah, sure. I can't read the question in English. Can you blacklist the private exponent of the Diffie-Hellman handshaking? That's the question? You used many words. Let's see why you can't. The problem is that the public numbers are P, G, and both Ys. Ys are the public part of the Diffie-Hellman. P is the prime number and G is the generator. The issue here is that P is really random. So if the client... P is random and it's defined by the server. So if the client is the weak one, if the server is weak, you can. If the client is weak, you can't. But we shouldn't focus only in HTTP. In fact, there are many protocols that use SSL. Can you re-ask? I guess a better way to phrase that question. Sorry, I haven't had breakfast. I'm not a coffee. So is it possible that there are things other than keys that you can pre-compute? You mentioned that there was a Snort plugin. I wasn't familiar with that. So perhaps there are other things you can do to look at the network and see values that cross the wire that are universal, say for like x86, 32-bit machines. Yeah, you need to brute force in each time. If you need to check a communication, you need to brute force it. But how long would it take to do all of the computation necessary for all of the different combinations? That is a problem with the SSH plugin, which is those ones. I mean, if you create many communications in parallel, most of those communication will not be checked. In the case of the WildShark plugin, it's not something too bad because you have the pickup. So you are making an offline attack. But it's not taking too long. Let's try, I mean. Okay. One, two, three. Okay, it's brute forcing. It's brute forcing. It's brute forcing. It's brute forcing. Now it's working. Now it's working. We have a progress bar but in the next session. Okay, let's finish. So that sounds gives you an idea of how much it takes. Right. So I mean, I guess you could write a snort plugin, for example, that sniffs the wire and looks for those Diffie Hellman components and you don't care about certificates. Wouldn't that be smaller than all of the SSL, all of the SSL certificates for all the different architectures? Yeah, the certificates, yes. But we are taking different things. The certificates is one thing and another thing and another issue is the Diffie Hellman exchange. Yeah, I'm trying to improve on the way that you're detecting that they're weak. Like for example, this does not detect a weak, the Firefox plugin does not detect a weak lib SSL that has an opportunity. No, no, no. They're detecting weak certificates. Right, I understand. In order to avoid a man in the middle attack. Yeah, well, you can read the traffic later though. I mean, if there's a weak lib SSL, none of the SSH tools do this. I wasn't like... Yeah, you make a plugin to check Diffie Hellman's too, yeah. Yeah, okay. We'll take a long time in each click in SSL connection, but it's okay. It's up to you, yeah, sure. Another question? Yeah. The last question. Who? You are a privilege. Hello. It's not a question, it's more of a comment. Nice. And I would like to say, and it's not to you, it's to Kurt. I think, personally, I would like to reaffirm that I have complete trust in Kurt's technical expertise, and I think this demonstrates clearly this analysis that he did everything which a good maintainer is expected to do, and I will not have any problems using your packages in the future. And I hope a lot of people will support me. Thank you. And if you need any kind of emotional support, I would be glad to provide it. Thanks.