From: Bill Stewart <bill.stewart@pobox.com>
To: cryptography@c2.net
Message Hash: d22ba60b4b34ee1d8cc378db28befd401df0564c3f3631635256715b6d0c849d
Message ID: <3.0.5.32.19980626181343.0098a8e0@popd.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1998-06-27 01:14:13 UTC
Raw Date: Fri, 26 Jun 1998 18:14:13 -0700 (PDT)
From: Bill Stewart <bill.stewart@pobox.com>
Date: Fri, 26 Jun 1998 18:14:13 -0700 (PDT)
To: cryptography@c2.net
Subject: Lucent Researcher Cracks PKCS#1, SSL
Message-ID: <3.0.5.32.19980626181343.0098a8e0@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
http://www.rsa.com/rsalabs/pkcs1/
http://www.zdnet.com/zdnn/stories/zdnn_display/0,3440,332372,00.html
Lucent researcher cracks encryption code
By Margaret Kane, ZDNet
An encryption researcher has discovered a software flaw that could allow
a hacker to break the software codes used for electronic commerce.
The problem protocols use the Public Key Cryptography Standard #1,
including the Secure Sockets Layer, or SSL standard. RSA Data Security
Inc., which defined the standard, said that the vulnerability does not
apply to PKCS #1-based secure messaging protocols, such as Secure
Electronic Transactions and Secure Multipurpose Internet Mail Extension
because they are not susceptible to -- and already implement --
mechanisms preventing this potential vulnerability. But at a Web site
using SSL, a hacker could break the code by sending millions of messages
to the target server and observing the server's response.
That information could be used to decode an intercepted session, said
Daniel Bleichenbacher, a researcher at Lucent Technologies Inc.'s
(Nasdaq:LU) Bell Labs.
A slew of software companies announced today that they are working on a
patch for the problem, and will post it on their Web sites. RSA, a
division of Security Dynamics
Technologies, (Nasdaq:SDTI) said it is working with IBM (Nasdaq:IBM),
Microsoft Corp.(Nasdaq:MSFT), Netscape
Communications Corp. (Nasdaq:NSCP), Open Market Inc. (Nasdaq:OMKT), and
others on the problem.
RSA is also working with the CERT Coordination Center on the problem,
which has posted a technical advisory about the situation.
Reuters contributed to this story.
++++++++++++++++++ Extracted From Another web page there m+++++++++++++
http://www.zdnet.com/zdnn/stories/zdnn_display/0,3440,332372,00.html
SSL flaw could expose encrypted data
A researcher at Lucent Technologies Inc.'s Bell Laboratories has discovered a vulnerability in the SSL encryption commonly used in electronic commerce transactions.</B></P>
<P>The flaw, which has been exposed only in a laboratory setting, would allow a hacker to capture encrypted data in a session between a browser and server.</P>
<P>The vulnerability is hardly a fatal flaw in SSL (Secure Sockets Layer). Rather, it's a hole that a savvy Web site administrator should be able to spot before a hacker can do any damage.
"The good news here is that you still have to be pretty smart to break it," said Julie Ferguson, chief technology officer of ClearCommerce Corp., in Austin, Texas.</P>
<P>The researcher, Daniel Bleichenbacher, who works in the secure systems research department of Bell Labs, in Murray Hill, N.J., found a way for a hacker to derive the session key used in a transaction by feeding off the error messages created by a server.</P>
<P>First, the hacker must prepare roughly 1 million messages to send against the server to capture the information. Bleichenbacher said he created an algorithm that analyzes those messages and derives the session key--which is randomly generated for each transaction by a combination of public and private keys at the Web site and the consumer's browser. Still, a competent site administrator should notice that his Web site has suddenly received a barrage of bad messages.</P>
<P>"It should be very easy to see that an attack is taking place," Bleichenbacher said. The hacker would also have to capture a session at some point on the line, likely at an Internet service provider, not knowing whether there is information within it that is worth stealing.</P>
<P>Because a session key is randomly generated for each session, it's possible for a hacker to capture information only about that individual session, said officials at RSA Data Security Inc., which developed SSL in conjunction with Netscape Communications Corp.</P>
The flaw, technically found in the standard called the Public Key Cryptography System #1, does not apply to encryption algorithms themselves but rather to the way packets are placed into encrypted envelopes. PKCS#1 is due to be upgraded next month, and the latest revision will account for the newly found vulnerability, said Scott Schnell, vice president of marketing at RSA, in Redwood City, Calif.
<P> The implications are perhaps most serious for home banking, because a hacker using this flaw could capture a user's banking information.</P>
<P>Although there are no known real-world attacks taking advantage of this SSL flaw, software vendors promise to have patches that mask the error messages. Netscape, in Mountain View, Calif., already has one available on its Web site for several applications, including Netscape Enterprise Server, Netscape Proxy Server and the company's messaging servers.</P>
<P>Microsoft Corp. also has created a fix that masks the error messages that a hacker would rely upon. Officials of the Redmond, Wash., company said they have worked with Netscape to ensure that their respective fixes do not create interoperability problems.</P>
<P>Both companies said they have already alerted major customers about the problem and provided them with fixes.</P>
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Return to June 1998
Return to “Bill Stewart <bill.stewart@pobox.com>”
1998-06-27 (Fri, 26 Jun 1998 18:14:13 -0700 (PDT)) - Lucent Researcher Cracks PKCS#1, SSL - Bill Stewart <bill.stewart@pobox.com>