From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 19 Sep 95 20:14:06 PDT
To: Cypherpunks <cypherpunks@toad.com>
Subject: FROM A FRIEND . . .
Message-ID: <Pine.SUN.3.91.950919182936.7667A-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Here is a press release that Netscape has issued (is about to 
issue?) concerning their recent miscue.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------- Forwarded message ----------
*********************************************************************

Potential Vulnerability in Netscape Products - Netscape Responding
Immediately To Upgrade Customers and Minimize Risk of Future Threats

Summary:
During regular monitoring of Internet security newsgroups, Netscape has
discovered a potential vulnerability in the current version of the Netscape
Navigator. Late Sunday evening two UC-Berkeley students posted a message to
the Internet detailing their efforts to reverse engineer some security
capabilities of the Netscape Navigator. Their efforts revealed how the
program generates session encryption keys, enabling them to replicate these
keys with a moderate amount of computing power and decipher messages sent
across the Internet. The potential vulnerability has since been confirmed by
Netscape engineers. With this knowledge an experienced computer programmer
could decrypt messages sent by Netscape Navigator to other computers in a
few hours of computation time.

Netscape secure software has been in use for almost a year on the Internet
by millions of customers and no thefts of actual customer information
protected by our security have been reported. This posting on the Internet
reported a potential vulnerability, not the actual theft of customer
information. Netscape plans to address this vulnerability
quickly by providing updated software as soon as possible via
the Internet. An updated version of Netscape Navigator 1.1 and 1.2 will be
available for downloading on the Internet next week by existing customers.
In addition, Netscape Navigator 2.0, which was announced yesterday and will
be available next week in beta versions, includes this imporvement as well
as a number of additional security features.

Detailed Issue:
Current versions of Netscape Navigator use  random
information to generate session encryption keys of either
40-bits or 128-bits in length. The random information is found
through a variety of functions that look into a user's machine
for information about how many processes are running, process
ID numbers, the current time in microseconds, etc. The current
vulnerability exists because the size of random input is less
than the size of the subsequent keys. This means that instead
of searching through all the 2^128 possible keys by brute
force, a potential intruder only has to search through a significantly smaller
key space by brute force. This is substantially easier problem to solve
because it takes much less compute time and means
40-bit or 128-bit key strength is substantially reduced.

Solution:
Netscape is already implementing a fix to the specific portion of our
software where this vulnerability exists. We plan to address
the problem by significantly increasing the amount of random information
that cannot be
discovered by external sources from approximately 30-bits to approximately
300-bits. In addition, the random information will be made much more
difficult to replicate because we will greatly expand the techniques and
sources used to generate the random information. Once this improvement is
made, protection of the random information will be as strong as the rest of
the security built into
Netscape.

Netscape has also begun to engage an external group of world class security
experts who will review our solution to this problem before it is sent to
customers. These experts will validate Netscape's solution and insure that
it is complete and effective in solving this vulnerability. The group will
be used on an ongoing basis to work with Netscape's internal security
experts to review the design and implementation of security in Netscape's
products and to provide an additional measure of assurance that these
products implement the highest levels of security possible.

This discovery does not affect the strength or security
of  SSL, RC4, or any other portions of our security
implementations. The fix will restore Netscape security across all products to
the true 40-bit level for Export and true 128-bit level for U.S.
Customers intended before this discovery. Current versions of Netscape
Navigator should be replaced with updated
versions that will be made available next week. In addition, the
current version of the Netscape Commerce Server has a similar vulnerability
during it's initial key-pair generation. Therefore, a patch will be made
available from Netscape and should be applied by Commerce Server customers
to generate a new key pair and server certificate.

Updating Customers:
Netscape will provide the fix for Export (40 bit) versions of Netscape
Navigator later this week for downloading by customers on the Internet.
Similarly, the
Commerce Server patch for Export versions (40 bit) will be made available
from our home page. Because downloading of 128 bit versions of the software
is still not permitted by U.S. law, U.S. customers of Netscape Navigator,
Netscape Navigator Personal Edition and Netscape Commerce Server using 128
bit versions can request the replacement from Netscape for delivery through
the regular mail.

For additional information or replacements for 128-bit versions of software
that you have already purchased, please call the Netscape Replacement Desk
at 415-528-3600, email replace@netscape.com, or contact your existing
Netscape representative
directly. We will inform you immediately when the updated software is
available for download.