[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Microsoft Authenticode key security

To: [email protected]
Subject: Re: Microsoft Authenticode key security
From: Toto <[email protected]>
Date: Thu, 06 Mar 1997 17:57:21 -0600
CC: [email protected], [email protected]
Organization: TOTO Enterprises
References: <[email protected]>
Reply-To: [email protected]
Sender: [email protected]

Peter Trei wrote:
 
> Really guys, If you want to attack Authenticode (and I personally
> consider it a bandaid on a dangerous system), then stealing or
> buying the key is not the approach to take.
> 
> I see two possible approaches to prove it's weakness.
> 
> 1. If they are using RSA, factor the public key. This depends on it's
> length. Considering the amount of cpu people seem to be able to
> muster for distributed cracks, etc, I suspect that 512 bit keys will
> soon be vulnerable (equiv = RSA 155).

  After having done a complete analysis of all the factors involved, 
I have determined that Authenticode could be cracked by the CypherPunks
in less than 72 hours by refraining from using the word 'cocksucker'
in our postings and devoting the saved CPU cycles to the crack.
-- 
Toto
http://bureau42.base.org/public/xenix/xenbody.html

References:
- RE: Microsoft Authenticode key security
  - From: "Peter Trei" <[email protected]>

Prev by Date: Re: Purifying Washington with Nuclear Flames
Next by Date: Re: Secure checksums
Prev by thread: RE: Microsoft Authenticode key security
Next by thread: Re: The Pro-CODE Bill could make things worse!
Index(es):
- Date
- Thread