[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Netscape SSL implementation cracked!
Kevin L Prigge wrote:
A little birdie told me that Ian Goldberg said:
> What we discovered is that, at least on the systems we checked (Solaris
> and HP-UX), the seed value for the RNG was fairly trivial to guess by
> someone with an account on the machine running netscape (so much so
> that in this situation, it usually takes less than 1 minute to find
> the key), and not too hard for people without accounts, either.
/ Makes one wonder what the seed is on a Windows implementation...
/ If it's only the time, you can probably approximate what the
/ clock is set to within a couple of minutes (if the timezone of the
/ client is known).
Hah! Like a Cmos clock can *ever* keep a consistant time for more than
two minutes...