1995-09-25 - Re: netscape bug

Header Data

From: David_A Wagner <daw@CS.Berkeley.EDU>
To: vznuri@netcom.com
Message Hash: 4e5951583538ba2e156d3c71bebd90280e7b5a6b7bfb9b899a229ef0bd2ac73f
Message ID: <199509251957.MAA15095@quito.CS.Berkeley.EDU>
Reply To: N/A
UTC Datetime: 1995-09-25 19:58:06 UTC
Raw Date: Mon, 25 Sep 95 12:58:06 PDT

Raw message

From: David_A Wagner <daw@CS.Berkeley.EDU>
Date: Mon, 25 Sep 95 12:58:06 PDT
To: vznuri@netcom.com
Subject: Re: netscape bug
Message-ID: <199509251957.MAA15095@quito.CS.Berkeley.EDU>
MIME-Version: 1.0
Content-Type: text/plain


In article <199509201855.LAA17261@netcom16.netcom.com> you write:
> 
> none of the articles mention that the cracker must have login access
> to the computer that the random numbers are generated on. is this true?
> does the code require knowledge of the PID etc. that can only be obtained
> by a login to the system that the netscape session is running on?
> 

No, the time, pid, and ppid often leak to a remote adversary too.
The attack probably requires a bit more sophistication when the
cracker doesn't have login access, but I believe it's still possible.

See my recent post to sci.crypt for some comments from Ian & I
about this.




Thread