From: Laurent Demailly <dl@hplyot.obspm.fr>
Date: Wed, 20 Sep 95 20:49:03 PDT
To: cypherpunks@toad.com
Subject: Netscape Servers too ? (forwarded message from Marc VanHeyningen)
Message-ID: <9509210319.AA09639@hplyot.obspm.fr>
MIME-Version: 1.0
Content-Type: text/plain


------- start of forwarded message (RFC 934 encapsulation) -------
From: marcvh@spry.com (Marc VanHeyningen)
To: Wayne Wilson <wwilson@umich.edu>
Cc: Kazuma Andoh <andoh@nikkeibp.co.jp>, www-security@ns2.rutgers.edu
Subject: Re: What's the netscape problem 
Date: Wed, 20 Sep 1995 07:51:47 -0700

[...]
> http://home.netscape.com/newsref/std/random_seed_security.html

The interesting part of this article is the discussion of random seed
weaknesses on the *server* side.  If true, this means anybody could use
the random-seed hole to reverse engineer the process by which the
server's private key information was generated and break that keypair
with much, much much less effort than would normally be needed to factor
a 512-bit RSA key.

(Note that I'm not entirely sure Netscape's server uses 512 bit RSA keys,
since the documentation, technical data sheets, and generation process
don't give any clue about what key size is being used.  Guess they don't
want customers worrying their pretty little heads about it.)

This would mean merely getting a fixed server would be insufficient; every
Netscape server user would need to generate a new keypair, get a new Verisign
certificate, and revoke the old one.

(Oops, wait, there's no way to revoke the old one.  I guess you just have to
hope nobody does this before all those certificates expire.)

- - Marc
------- end -------

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|...  Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept

smuggle nuclear North Korea SDI cracking Mossad DES