Re: NYT on Netscape Crack
Adam Back writes:
> Posting the code for the random number generator would be an
> excellent start.
Ian posted the code for the PRNG on August 30th and Stephen Kapp noted that
it was similar to one in RSAREF. The PRNG is probably fine. The big flaw
here was the collection of seed material. The bottom line is the WHOLE
security subsystem should be published for analysis.
> Or if that doesn't sit well with copyright interests, how about
> writing up an open spec about how the random number generator works?
> Then we can critique it.
Netscape did this with SSL and what happened was the rest of the industry
jumped on it before any analysis was done. Now we are likely stuck with a
poor protocol.
> An algorithm should be something to be proud of, "it's secure, and
> see: this is how it works, here are the design criteria, here is
> how you would attempt to break it, and here is the best predicted
> attack's cost."
The design may be great, but if the implementation is flawed then you aren't
much better off. To attempt to evaluate the security of a system you need to
be able to inspect the implementation. Period.
> is netscape still a progressive startup company with hot programmers
> running the show, or has it slipped into stuffy corporate realms
> already?
Netscape may have hot programmers but so far I believe it has become
self-evident that they know little about crypto and implementing
cryptosystems.
To Netscape's credit, Jeff Weinstein claims that the team implementing the
security for Navigator 2.0 is completely new and of course Netscape has hired
Tahir ElGamal, who certainly knows what he is doing. Additionally I would
suspect that with all the bad publicity they are receiving they would take up
Bidzos on RSADSI's offer to analyze the source. So it is entirely possible
that Navigator 2.0 will be much better. However, I am not holding my breath.
Strong crypto is _hard_ to implement properly. Even if a product is using a
well-known algorithm there could be any number of subtle flaws that can
destroy any security offered by such an algorithm. You can't just toss in RSA,
IDEA, RC-4, DES, etc... and claim the thing is secure.
andrew
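The point made above, that a sound generator is undone by weak collection of seed material, shown as an added example. This is not code from the original post, from Netscape, or from RSAREF; the seeding scheme (clock plus process id), the search ranges, and every function name here are assumptions made for the demonstration and are not a description of Navigator's actual code. The generator is SHA-256 in counter mode, so the weakness lies entirely in how it is seeded: an attacker who can bound the clock and the pid enumerates the whole seed space and regenerates the "random" output.

```python
import hashlib
import math
import os
import struct
from typing import Optional, Tuple


def prng_stream(seed: bytes, nbytes: int) -> bytes:
    """Deterministic generator: SHA-256(seed || counter) in counter mode.

    Stands in for a sound PRNG. The weakness demonstrated below is not in
    this function; it is entirely in what gets passed as `seed`.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(out[:nbytes])


def weak_seed(unix_seconds: int, pid: int) -> bytes:
    """Hypothetical weak seeding (assumption for the demo): wall clock and pid only.

    Both values are guessable to within a small range by an attacker.
    """
    return struct.pack(">QI", unix_seconds, pid)


def strong_seed(nbytes: int = 32) -> bytes:
    """Seed from the OS entropy pool; 256 bits cannot be enumerated."""
    return os.urandom(nbytes)


def weak_seed_space_bits(time_window: int, max_pid: int) -> float:
    """log2 of the number of (time, pid) candidates the attacker must try."""
    return math.log2((2 * time_window + 1) * max_pid)


def recover_weak_seed(observed: bytes, approx_time: int, time_window: int,
                      max_pid: int) -> Optional[Tuple[int, int]]:
    """Attacker side: enumerate every candidate seed within the bounds and
    compare the regenerated stream with the observed output."""
    for t in range(approx_time - time_window, approx_time + time_window + 1):
        for pid in range(1, max_pid + 1):
            if prng_stream(weak_seed(t, pid), len(observed)) == observed:
                return t, pid
    return None


def demo_attack(true_time: int = 809_800_000, true_pid: int = 4321,
                time_window: int = 30, max_pid: int = 8192):
    """Victim seeds the sound generator weakly and emits 16 bytes (e.g. a key);
    attacker knows the time to within +/- time_window seconds and that pids
    are below max_pid. Returns (recovered (time, pid), observed bytes)."""
    observed = prng_stream(weak_seed(true_time, true_pid), 16)
    # The attacker's clock estimate is off by 7 s; still inside the window.
    recovered = recover_weak_seed(observed, true_time + 7, time_window, max_pid)
    return recovered, observed


if __name__ == "__main__":
    recovered, observed = demo_attack()
    print("attacker search space: %.1f bits" % weak_seed_space_bits(30, 8192))
    print("recovered (time, pid):", recovered)
    print("regenerated key matches:",
          prng_stream(weak_seed(*recovered), 16) == observed)
```

The ranges in `demo_attack` are kept small so the search finishes in well under a second; a real attacker would simply widen the clock window and pid range, and the space still stays in the tens of bits, which is nothing against a brute-force search. Replacing `weak_seed` with `strong_seed` leaves the generator unchanged and makes `recover_weak_seed` hopeless, which is exactly the difference between the design and the implementation that the post is about.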