[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NetScape's dependence upon RSA down for the count!

To: [email protected], [email protected]
Subject: Re: NetScape's dependence upon RSA down for the count!
From: [email protected] (John L. Bass)
Date: Sat, 30 Sep 95 16:13:55 -0600
Sender: [email protected]

Ok, several people have asked:

> Please explain to me how you can break SSL using the above method. I
> don't follow your line of thought. How could my fake www server
> intercept and redirect packets to netscape.com short of hacking a DNS
> server?

client ->       filter                          Client sends packet with K(c)
                filter ->       Server          filter forwards packet with K(f)                filter       <- Server          Server sends encrypts with K(f)
client       <- filter                          filter re-encrypts with K(c)

As the protocol progresses the filter also uses the master key,
and follows the renegotiation as the master key expires.


The existance of a working filter is enough to invalidate the security in
NetScape's claims.


hacking a DMS server is one way, spoofing a DNS reply to named is easier,
simply packaging the filter into a router/bridge close to the server
is more effective ... even if hacking the incoming phoneline/T1 line
to the server and inserting a very transparent bridge AKA a phone tap.

There is enough dollars to make the risks ... :)

John

BTW ... how do I join for these two list? Where are they archived to
catchup with past traffic?

Prev by Date: Re: my favorite random-numbers-in-software package (unix)
Next by Date: Auto-signing
Prev by thread: Re: NetScape's dependence upon RSA down for the count!
Next by thread: Re: NetScape's dependence upon RSA down for the count!
Index(es):
- Date
- Thread