[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The Next Hack

To: [email protected]
Subject: The Next Hack
From: sameer <[email protected]>
Date: Thu, 21 Sep 1995 11:32:01 -0700 (PDT)
Pgp-Strong-Print: 3C AE E4 00 C2 6A 81 FF 49 4E EE 0C CD CD 1D 80
Sender: [email protected]

	Now that we've seen that Netscape is doing a good job towards
trying to fix the hole that Ian and David have uncovered, it's time to
start looking at new things.

	Given the recent post to the www-security list that was
forwarded here, it seems like just replacing the server may not work
for all the secure servers out there-- keys may have to be replaced as
well. Let's find out.

Proposal for action:

1) Reverse-engineer a server to see if the keygen phase uses
a weak RNG seed. -- if so, determine the exact algorithim.

2) Organize a net-wide search over the space of the RNG seed to 
crack the private key of some well known secure server.

3) Release the private key to the net.

-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
An Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			[email protected]

Follow-Ups:
- Re: The Next Hack
  - From: [email protected] (Futplex)
- Re: The Next Hack
  - From: [email protected] (Jeff Weinstein)

Prev by Date: Has anyone seen the CatMan (catburgler)?
Next by Date: Netscape closes up 1 3/8 today!
Prev by thread: Has anyone seen the CatMan (catburgler)?
Next by thread: Re: The Next Hack
Index(es):
- Date
- Thread