[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape SSL implementation cracked!



Kevin L Prigge wrote:
 
 A little birdie told me that Ian Goldberg said:

 > What we discovered is that, at least on the systems we checked (Solaris
 > and HP-UX), the seed value for the RNG was fairly trivial to guess by
 > someone with an account on the machine running netscape (so much so
 > that in this situation, it usually takes less than 1 minute to find
 > the key), and not too hard for people without accounts, either.
 
/ Makes one wonder what the seed is on a Windows implementation...
/ If it's only the time, you can probably approximate what the
/ clock is set to within a couple of minutes (if the timezone of the
/ client is known). 
 
Hah! Like a Cmos clock can *ever* keep a consistant time for more than
two minutes...