1995-10-02 - Spoofing HTTP server certificates

Header Data

From: Greg Miller <gmiller@grendel.ius.indiana.edu>
To: cypherpunks@toad.com
Message Hash: 9b52d9bfe289c03e6424dbb27edcb2369ba1bfbd59658adc33562a1b58b61d01
Message ID: <Pine.3.89.9510020002.A7800-0100000@grendel.ius.indiana.edu>
Reply To: N/A
UTC Datetime: 1995-10-02 04:40:33 UTC
Raw Date: Sun, 1 Oct 95 21:40:33 PDT

Raw message

From: Greg Miller <gmiller@grendel.ius.indiana.edu>
Date: Sun, 1 Oct 95 21:40:33 PDT
To: cypherpunks@toad.com
Subject: Spoofing HTTP server certificates
Message-ID: <Pine.3.89.9510020002.A7800-0100000@grendel.ius.indiana.edu>
MIME-Version: 1.0
Content-Type: text/plain



	Since there has been a lot of talk about the "man in the middle" 
attack on the secure web servers, has anyone actually considered the 
processing time required to fake a certificate from scratch?
	I haven't really familiarized myself with how the certificates 
are generated, etc, but it's my understanding that they are signed with RSA.

	The few recent factorings of RSA keys have shown that brute force 
attacks are feasable with distributed processing.  Since these projects 
were done "just for the fun of it", wouldn't it seem likley that someone 
(or some people) would take the time and effort to factor the certificate 
signing key?  After all, it would actually be worth something.

gmiller@grendel.ius.indiana.edu
http://www.ius.indiana.edu/~gmiller/






Thread