[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SSL bruting progress (was: Crypto-relevant flame interruption)

Fred <[email protected]> wrote on cpunks:
> Would someone be so kind as to provide a status report on the
> planned SSL attack? Last word was that codework was still underway,
> but I might have missed something relevant to this project amidst
> all of the noise about excessive list noise.

There has been no public announce.  This is due to a desire to make
real sure it's going to work before announcing.

So, we're working on it.  Software is basically all there, but we're
experiencing difficulties, like during a trial run no key for Hal's
challenge seems to be being found, even though the same software finds
test keys.

We've not managed to isolate the cause of it, as (two people) have
nearly swept the entire keyspace (heh they had a bit of spare compute)
and no key has been forthcoming so far.  Give it a few more days -
until monday - and if no key is found we've got problems, 3 possible
outcomes looming:

a) we find the key to Hal's challenge and go whoopee!  Request a 2nd
   challenge from Hal? and announce a public sweep to see how fast it
   can be done.

b) something is wrong with the interpretation or the gathering of the
   SSL session data Hal based his challenge on (difficult to see
   as there are numerous fixed fields which tally with the SSL spec.)

c) software problems (also difficult to see, the software
   in all cases (3 separate versions) finds the keys of examples
   provided by Andrew Roos (ie he generated a key manually, so we know
   where to start for testing purposes)).

The likelihood of a) happening is receding, as the last key space gets
ticked off.

More news next week.