1997-03-07 - Re: Microsoft Authenticode key security

Header Data

From: Toto <toto@sk.sympatico.ca>
To: trei@process.com
Message Hash: 4ece80ffb19b3f91304e8a3e8fab2655b98b9bbb320d68f7bb562701c884be5a
Message ID: <331F59E1.1FE7@sk.sympatico.ca>
Reply To: <199703061513.HAA13900@toad.com>
UTC Datetime: 1997-03-07 01:38:48 UTC
Raw Date: Thu, 6 Mar 1997 17:38:48 -0800 (PST)

Raw message

From: Toto <toto@sk.sympatico.ca>
Date: Thu, 6 Mar 1997 17:38:48 -0800 (PST)
To: trei@process.com
Subject: Re: Microsoft Authenticode key security
In-Reply-To: <199703061513.HAA13900@toad.com>
Message-ID: <331F59E1.1FE7@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei wrote:
 
> Really guys, if you want to attack Authenticode (and I personally
> consider it a bandaid on a dangerous system), then stealing or
> buying the key is not the approach to take.
> 
> I see two possible approaches to prove its weakness.
> 
> 1. If they are using RSA, factor the public key. This depends on its
> length. Considering the amount of cpu people seem to be able to
> muster for distributed cracks, etc, I suspect that 512 bit keys will
> soon be vulnerable (equiv = RSA 155).

  After having done a complete analysis of all the factors involved, 
I have determined that Authenticode could be cracked by the CypherPunks
in less than 72 hours by refraining from using the word 'cocksucker'
in our postings and devoting the saved CPU cycles to the crack.
-- 
Toto
http://bureau42.base.org/public/xenix/xenbody.html






