
Re: NYT on Netscape Crack



Adam Back writes:
>  Posting the code for the random number generator would be an
>  excellent start.

Ian posted the code for the PRNG on August 30th and Stephen Kapp noted that  
it was similar to one in RSAREF.  The PRNG is probably fine.  The big flaw  
here was the collection of seed material.  The bottom line is the WHOLE  
security subsystem should be published for analysis.

>  Or if that doesn't sit well with copyright interests, how about
>  writing up an open spec about how the random number generator works?
>  Then we can critique it.

Netscape did this with SSL and what happened was the rest of the industry  
jumped on it before any analysis was done.  Now we are likely stuck with a  
poor protocol.

>  An algorithm should be something to be proud of, "it's secure, and
>  see:  this is how it works, here are the design criteria, here is
>  how you would attempt to break it, and here is the best predicted
>  attack's cost."

The design may be great, but if the implementation is flawed then you aren't  
much better off.  To attempt to evaluate the security of a system you need to  
be able to inspect the implementation.  Period.

>  is netscape still a progressive startup company with hot programmers
>  running the show, or has it slipped into stuffy corporate realms
>  already?

Netscape may have hot programmers but so far I believe it has become  
self-evident that they know little about crypto and implementing  
cryptosystems.

To Netscape's credit, Jeff Weinstein claims that the team implementing the  
security for Navigator 2.0 is completely new and of course Netscape has hired  
Taher Elgamal, who certainly knows what he is doing.  Additionally I would  
suspect that with all the bad publicity they are receiving they would take up  
Bidzos on RSADSI's offer to analyze the source.  So it is entirely possible  
that Navigator 2.0 will be much better.  However, I am not holding my breath.


Strong crypto is _hard_ to implement properly.  Even if a product is using a  
well-known algorithm there could be any number of subtle flaws that can  
destroy any security offered by such an algorithm.  You can't just toss in RSA,  
IDEA, RC-4, DES, etc... and claim the thing is secure.


andrew
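The point above, that a sound PRNG is only as strong as the seed material fed into it, as an added illustration that is not part of the original post: the hash-based generator below is a generic counter-mode construction chosen for illustration (not RSAREF's or Netscape's code), and the seed sources (a clock value narrowed to 60 candidates, a 16-bit process id) are constructed, hypothetical numbers used to show how a defender accounts for seed entropy.

```python
import hashlib
import math
import os


def hash_prng(seed: bytes, nbytes: int) -> bytes:
    """Generic counter-mode hash PRNG: output block i = H(seed || i).

    Illustrative only; the mixing is fine, the question is the seed.
    """
    out = b""
    ctr = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:nbytes]


def seed_entropy_bits(sources: dict) -> float:
    """Entropy of the seed, in bits, given how many values each source
    can take from an outsider's point of view (sources are independent)."""
    return sum(math.log2(n) for n in sources.values() if n > 0)


def effective_strength_bits(key_bits: int, sources: dict) -> float:
    """A key derived from the PRNG is bounded by the smaller of the key
    length and the entropy that actually went into the seed."""
    return min(float(key_bits), seed_entropy_bits(sources))


def distinct_keys(seed_candidates, key_bytes: int) -> int:
    """Count how many different keys the generator can emit when the seed
    is drawn from a small candidate set: the reachable keyspace."""
    return len({hash_prng(s, key_bytes) for s in seed_candidates})


if __name__ == "__main__":
    # Constructed audit: clock known to the minute (60 values) + 16-bit pid.
    weak = {"clock_seconds": 60, "pid": 1 << 16}
    print(f"seed entropy: {seed_entropy_bits(weak):.1f} bits")
    print(f"128-bit key, effective: {effective_strength_bits(128, weak):.1f} bits")
    # With the pid fixed, only 60 seeds remain, so only 60 keys are reachable.
    seeds = [b"\x00\x00" + s.to_bytes(1, "big") for s in range(60)]
    print(f"reachable 128-bit keys: {distinct_keys(seeds, 16)}")
    # Proper seeding: 16 bytes from the OS entropy pool gives the full 128 bits.
    strong = {"os_urandom": 1 << (8 * len(os.urandom(16)))}
    print(f"effective with OS seed: {effective_strength_bits(128, strong):.1f} bits")
```

The generator never "adds" entropy; whatever the seed lacks, the derived key lacks too.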