[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape SSL implementation cracked!



-----BEGIN PGP SIGNED MESSAGE-----

>Makes one wonder what the seed is on a Windows implementation...
>If it's only the time, you can probably approximate what the
>clock is set to within a couple of minutes (if the timezone of the
>client is known).

Who cares what the timezone of the client is. Try searching around in all
24 timezones. The trick with predicting a random number generator isn't
that you have to get the exact key, you just have to narrow the search
space to something reasonable. A couple of minutes times 24 isn't that bad!

                                -Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMF0SvMUtR20Nv5BtAQEAVQP/ccPp8IM8dnGtdDTajjO1a0sYBo7u7LcB
yracUhWnE6h90DEtEbGHpEUz3UpvMrXVTC1cFYXml8v3zH4DKlgXyIwC1kItAbqB
9NJTtvB1D5Msnoslqkn+ZoP2K8i0ajcHcXlqma32YiQJM6D4KSxFtRgM7vawCVuy
KqnbrdSrQQQ=
=bYf5
-----END PGP SIGNATURE-----