From: "Jeff Weinstein" <jsw@netscape.com>
Date: Wed, 20 Sep 95 02:52:20 PDT
To: sameer <sameer@c2.org>
Subject: Re: netscape's response
In-Reply-To: <199509200812.BAA17876@infinity.c2.org>
Message-ID: <9509200248.ZM206@tofuhut>
MIME-Version: 1.0
Content-Type: text/plain


On Sep 20,  1:12am, sameer wrote:
> >   I believe that it would take much longer than 1 minute to mount an
> > attack against a mac, pc, or unix machine that the attacker was not
> 
> 	"time to mount an attack" is not "computation time".
> 
> 	I'm really not debating with -you- though here, just
> describing how the release was inaccurate. I don't deny any of your
> statements

  The issue is that any statement that only mentions the 1 minute figure
is only stating part of the story, just as a statement giving a figure
of several hours is only mentioning a part of the story.  All of the
news articles I've seen (not an exhaustive sample) have only mentioned
the 1 minute number, which only really effects a relatively small
number of our customers.

  If you don't know the pid and ppid, or the tick count in the case of
Mac/PC, you will have to add them to your search, which could make it
take much longer than 1 minute to crack.  If you assume that the unix
machine has been up for a while and has a decent turnover of processes
(not a valid assumption for determining strength) then you would have
to search on average half of 16 bit pid space, and then add a few bits
for the ppid(assuming that it is likely to be close to the pid).

  Even if you only got 8 extra bits from pid and ppid, that turns your
one minute attack into a several hour attack. 

  Anyway, I'm not trying to say that "several hours" is the only answer,
just that it is just as good an answer as "one minute".  As far as I
know, no one has tried this attack without knowing the pids.

> 
> > logged on to.  I don't know exactly how the few hour number was
> > calculated, since it was done by marketing with input from someone else
> > in the group.  Another interesting data point is that the unix version,
> > which was most vulnerable, accounts for less than 10% of our user
> > base, according to the yahoo random link stats.
> 
> 	Is UNIX really the most vulnerable? How many bits did the
> tickcount account for? Seems to me that guessing just time & tick
> would be easier than guessing time, pid and ppid if you are not logged
> into the machine in question. . .

  This is really dependent on how long window has been running.  If you
boot windows and immediately start an ssl connection, then the number
will be pretty low, but if you don't make the first SSL connection until
later, it should get better.  I think an hour would get you around 16-bits,
but this is just a guestimate on my part.  If you leave your machine
running windows for days you will get close to 32bits.

> >   Do you mean that cypherpunks offered to review the netscape code
> > if only we made all the source available on the net?  I think that it
> > is unrealistic to expect us to release all of our source code to the
> > net.  
> 
> 	I was referring to Jim Bidzos's comment, posted to
> cypherpunks. 
> 	The release I will be sending out is written much more cleanly
> than what I initially posted to cypherpunks.

  We had a conference call with RSA folks tuesday, and they will be in
wednesday to take a look at our fix.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.