[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape SSL implementation cracked!

To: [email protected]
Subject: Re: Netscape SSL implementation cracked!
From: [email protected] (James Caldwell)
Date: Mon, 18 Sep 1995 00:40:00 -0500 (EST)
In-Reply-To: <[email protected]> from "Kevin L Prigge" at Sep 18, 95 00:26:36 am
Sender: [email protected]

Kevin L Prigge wrote:

 A little birdie told me that Ian Goldberg said:

 > What we discovered is that, at least on the systems we checked (Solaris
 > and HP-UX), the seed value for the RNG was fairly trivial to guess by
 > someone with an account on the machine running netscape (so much so
 > that in this situation, it usually takes less than 1 minute to find
 > the key), and not too hard for people without accounts, either.

/ Makes one wonder what the seed is on a Windows implementation...
/ If it's only the time, you can probably approximate what the
/ clock is set to within a couple of minutes (if the timezone of the
/ client is known). 

Hah! Like a Cmos clock can *ever* keep a consistant time for more than
two minutes...

References:
- Re: Netscape SSL implementation cracked!
  - From: Kevin L Prigge <[email protected]>

Prev by Date: Re: Netscape SSL implementation is broken!
Next by Date: Re: Netscape SSL implementation cracked!
Prev by thread: Re: Netscape SSL implementation cracked!
Next by thread: Re: Netscape SSL implementation cracked!
Index(es):
- Date
- Thread