cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1995-09-21 - The Next Hack

Header Data

From: sameer <sameer@c2.org>
To: cypherpunks@toad.com
Message Hash: 3ce82cdf90d320dc8fe712f2fb9f8db45c5673594499f53c947e5c5738c977d3
Message ID: <199509211832.LAA24086@infinity.c2.org>
Reply To: N/A
UTC Datetime: 1995-09-21 18:37:06 UTC
Raw Date: Thu, 21 Sep 95 11:37:06 PDT

Raw message

From: sameer <sameer@c2.org>
Date: Thu, 21 Sep 95 11:37:06 PDT
To: cypherpunks@toad.com
Subject: The Next Hack
Message-ID: <199509211832.LAA24086@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	Now that we've seen that Netscape is doing a good job towards
trying to fix the hole that Ian and David have uncovered, it's time to
start looking at new things.

	Given the recent post to the www-security list that was
forwarded here, it seems like just replacing the server may not work
for all the secure servers out there-- keys may have to be replaced as
well. Let's find out.

Proposal for action:

1) Reverse-engineer a server to see if the keygen phase uses
a weak RNG seed. -- if so, determine the exact algorithim.

2) Organize a net-wide search over the space of the RNG seed to 
crack the private key of some well known secure server.

3) Release the private key to the net.

-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
An Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			sameer@c2.org

Thread