[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape's random numbers

To: [email protected]
Subject: Re: Netscape's random numbers
From: [email protected]
Date: Mon, 18 Sep 95 15:58:21 -0400
Cc: [email protected]
In-Reply-To: Your message of "Mon, 18 Sep 95 12:33:35 MDT." <v01510100ac836b357d90@[206.1.161.4]>
Sender: [email protected]


>Before we go to the news, perhaps we should demonstrate the exploitation of
>this hole. It would certainly make selling this story a whole lot easier.

In the first place it is a bit late for that. The problem is all over the net 
already. Expect press coverage tommorow or Wednesday. Secondly I would prefer a 
solution.


Random number generation and maintenance is a whole lot harder than RFC 1750 
makes out. Although that RFC has some usefull ideas it does not provide a 
blueprint fora secure ergodicity management facility.

When I wrote code for Shen I was very carefull in the use I made of the output 
of the ergodicity manager. In particular correlation is a major concern. If a 
pseudo random output is exposed it must not predjudice other random values.

Consider the class of attacks where Mallet receives a message from Alice and 
uses the knowledge of his random number to discover the random number used in 
Alice's later message to Bob.

I always use hash functions as a "one way trap" to ensure that values cannot be 
reverse engineered to discover the internal state of the random number 
generator. I am also careful to erase all internal state before exiting the 
program. 


	Phill Hallam-Baker

References:
- Re: Netscape's random numbers
  - From: [email protected] (Dietrich J. Kappe)

Prev by Date: Re: (noise) Re: SPAM bait
Next by Date: RSAREF Commercial Licensing
Prev by thread: Re: Netscape's random numbers
Next by thread: unssl.c available for ftp (was: Netscape's random numbers)
Index(es):
- Date
- Thread