Re: Spoofing HTTP server certificates

[Bill Stewart <stewarts@ix.netcom.com>]

At 12:52 AM 10/2/95 -0400, Greg Miller <gmiller@grendel.ius.indiana.edu> wrote:
>	Since there has been a lot of talk about the "man in the middle" 
>attack on the secure web servers, has anyone actually considered the 
>processing time required to fake a certificate from scratch?
>	I haven't really familiarized myself with how the certificates 
>are generated, etc, but it's my understanding that they are signed with RSA.

While I haven't seen Verisign's various public keys posted to the net,
and didn't see them anywhere on their web page, I assume they're at least
508 bits long, and the ones for better-than-personna certification
(or at least Class 3) ought to be ~1024 bits long, unless they're limiting
themselves to 512 bits to support software that's limited by ITAR stupidity
(which would be a shame, but is certainly possible.)

For the moment, breaking a 512-bit key remains hard, though maybe within the
NSA's reach.  It's probably one of the next big factoring challenges after the
RSA-130 number is taken out by the General Number Field Sieve folks.
The better fake, which is much more possible, is to build a chain of
certifications
(trivial) and convince your victim to accept them instead of the real ones 
(more doable, especially if some vendor's software isn't written carefully,
or is written carefully but requires the user to think about what he's reading.)

#---
#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---