1995-09-18 - Re: Netscape SSL implementation cracked!

Header Data

From: jis@mit.edu (Jeffrey I. Schiller)
To: cypherpunks@toad.com
Message Hash: 743cfbaff25d47433835b771699c2f52ae0db4357d0596cf3e324994ec4a32ae
Message ID: <ac82c28b000210042af3@[18.162.1.1]>
Reply To: N/A
UTC Datetime: 1995-09-18 06:34:08 UTC
Raw Date: Sun, 17 Sep 95 23:34:08 PDT

Raw message

From: jis@mit.edu (Jeffrey I. Schiller)
Date: Sun, 17 Sep 95 23:34:08 PDT
To: cypherpunks@toad.com
Subject: Re: Netscape SSL implementation cracked!
Message-ID: <ac82c28b000210042af3@[18.162.1.1]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>Makes one wonder what the seed is on a Windows implementation...
>If it's only the time, you can probably approximate what the
>clock is set to within a couple of minutes (if the timezone of the
>client is known).

Who cares what the timezone of the client is. Try searching around in all
24 timezones. The trick with predicting a random number generator isn't
that you have to get the exact key, you just have to narrow the search
space to something reasonable. A couple of minutes times 24 isn't that bad!

                                -Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMF0SvMUtR20Nv5BtAQEAVQP/ccPp8IM8dnGtdDTajjO1a0sYBo7u7LcB
yracUhWnE6h90DEtEbGHpEUz3UpvMrXVTC1cFYXml8v3zH4DKlgXyIwC1kItAbqB
9NJTtvB1D5Msnoslqkn+ZoP2K8i0ajcHcXlqma32YiQJM6D4KSxFtRgM7vawCVuy
KqnbrdSrQQQ=
=bYf5
-----END PGP SIGNATURE-----







Thread