From: Laurent Demailly <dl@hplyot.obspm.fr>
To: cypherpunks@toad.com
Message Hash: 7b330b6548695ae510817f962ad0bd0d34cd4c22c1fe881fd978c94372337410
Message ID: <9509210319.AA09639@hplyot.obspm.fr>
Reply To: N/A
UTC Datetime: 1995-09-21 03:49:03 UTC
Raw Date: Wed, 20 Sep 95 20:49:03 PDT
From: Laurent Demailly <dl@hplyot.obspm.fr>
Date: Wed, 20 Sep 95 20:49:03 PDT
To: cypherpunks@toad.com
Subject: Netscape Servers too ? (forwarded message from Marc VanHeyningen)
Message-ID: <9509210319.AA09639@hplyot.obspm.fr>
MIME-Version: 1.0
Content-Type: text/plain
------- start of forwarded message (RFC 934 encapsulation) -------
From: marcvh@spry.com (Marc VanHeyningen)
To: Wayne Wilson <wwilson@umich.edu>
Cc: Kazuma Andoh <andoh@nikkeibp.co.jp>, www-security@ns2.rutgers.edu
Subject: Re: What's the netscape problem
Date: Wed, 20 Sep 1995 07:51:47 -0700
[...]
> http://home.netscape.com/newsref/std/random_seed_security.html
The interesting part of this article is the discussion of random seed
weaknesses on the *server* side. If true, this means anybody could use
the random-seed hole to reverse engineer the process by which the
server's private key information was generated and break that keypair
with much, much much less effort than would normally be needed to factor
a 512-bit RSA key.
(Note that I'm not entirely sure Netscape's server uses 512 bit RSA keys,
since the documentation, technical data sheets, and generation process
don't give any clue about what key size is being used. Guess they don't
want customers worrying their pretty little heads about it.)
This would mean merely getting a fixed server would be insufficient; every
Netscape server user would need to generate a new keypair, get a new Verisign
certificate, and revoke the old one.
(Oops, wait, there's no way to revoke the old one. I guess you just have to
hope nobody does this before all those certificates expire.)
- - Marc
------- end -------
dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept
smuggle nuclear North Korea SDI cracking Mossad DES
Return to September 1995
Return to “Laurent Demailly <dl@hplyot.obspm.fr>”
1995-09-21 (Wed, 20 Sep 95 20:49:03 PDT) - Netscape Servers too ? (forwarded message from Marc VanHeyningen) - Laurent Demailly <dl@hplyot.obspm.fr>