
Re: [Long] A history of Netscape/MSIE problems

>>[...]  The reason for the 40-bit key and (according to RSADSI, the
>>company that developed RC4) the reason why details on it were kept
>>secret was that these conditions were required under an agreement
>>between the Software Publishers Association (SPA) and the US
>>government which gave special export status to the RC4 algorithm and
>>a companion algorithm called RC2.
>Hadn't heard that before, that the trade secret requirement was imposed on
>RSADSI.  What was your source for that info, it is an interesting assertion on
>the part of RSADSI, and I am intrigued.
It's in AC II, p.319 (I was getting worried for a minute, I missed it the first
time I looked and then couldn't figure out where I'd got the info from).
>You ought to reference Andrew Roos' paper [posted to the list, and sci.crypt,
>at least] analysing key schedule biases in RC4.
It's mentioned in the list of minor RC4 weaknesses.  I didn't include refs for
all of these because I've already probably got as many references in there as
text (the term "reference terrorism" has been used to describe some of my
papers in the past).
>Strangely (I'm not sure if anyone lost money due to this), I think Netscape's
>prices hardly suffered, perhaps even improved slightly. Could be due to the
>`any publicity is good publicity' syndrome.  There was a *lot* of publicity,
>and Netscape's response in fixing the problem was good.  Several US cypherpunks
>were tracking the stocks at the time, and could probably verify this.
Interesting... does anyone want to comment on this?  This kind of damages one
of my assumptions in the paper that publicity attacks can hurt a company
providing poor security.  Could it be that at the time people would buy
Netscape stock no matter what happened?  If MSIE had been widespread at the
time, would it have caused people to jump ship en masse?
>One omission: you didn't say anything about Paul Kocher's timing attack on
>RSA, which I think affected Netscape servers, and was fixed after his
>publicizing the attack.  Then you could discuss Ron Rivest's blinding
>solution, and the time delay solution.
It's a pretty obscure attack and one which most implementations (ones running
on home PCs) won't ever need to worry about, given that it's many times easier
to get a victim to download some whiz-bang ActiveX applet which quietly patches
their browser to use a fixed key for all SSL sessions.  Has anyone thought of
doing this?  If I had a system (and compiler) capable of building ActiveX
apps I'd love to do this - create an espionage-enabling screen saver or
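The blinding countermeasure to Kocher's timing attack that the thread mentions, shown as an added example; this is not code from the thread, from Netscape, or from any product discussed here. The RSA parameters are a constructed toy key (the familiar p=61, q=53 textbook pair, far too small for real use) and the function names are this example's own. The idea is that the private exponentiation is never run directly on an attacker-chosen input: the input is first multiplied by r^e for a secret random r, and r is stripped from the result afterwards, so the timing of the exponentiation no longer correlates with the value the attacker sent.

```python
import random
from math import gcd

# Constructed toy RSA parameters (illustration only; never use keys this small).
P, Q = 61, 53
N = P * Q          # 3233
E = 17
D = 2753           # E * D == 1  (mod (P-1)*(Q-1))


def private_op(c, d, n):
    """Textbook RSA private operation c^d mod n with no countermeasure.

    The exponentiation runs directly on the caller-supplied value c, which is
    the situation a timing attack of the kind Kocher described relies on.
    """
    return pow(c, d, n)


def blinded_private_op(c, d, e, n, seed=None):
    """RSA private operation with Rivest-style blinding.

    Multiply the input by r^e for a secret random r before exponentiating,
    then remove r from the result. The exponentiation therefore operates on a
    value the caller cannot predict. Returns (result, blinded_input) so the
    caller can see which value was actually exponentiated.
    """
    rng = random.Random(seed) if seed is not None else random
    while True:
        r = rng.randrange(2, n)
        if gcd(r, n) == 1:          # r must be invertible mod n
            break
    blinded = (c * pow(r, e, n)) % n      # c * r^e      (mod n)
    m_blinded = pow(blinded, d, n)        # c^d * r      (mod n)
    r_inv = pow(r, -1, n)                 # modular inverse, Python 3.8+
    return (m_blinded * r_inv) % n, blinded


def check_blinding(message, seed=None):
    """Encrypt a message, decrypt it with and without blinding, report both."""
    c = pow(message, E, N)
    plain = private_op(c, D, N)
    blinded_plain, blinded_input = blinded_private_op(c, D, E, N, seed)
    return {
        "ciphertext": c,
        "plain": plain,
        "blinded_plain": blinded_plain,
        # True when the value fed to the private exponentiation differs from
        # the ciphertext the caller supplied, i.e. blinding took effect.
        "exponentiated_value_differs": blinded_input != c,
    }


if __name__ == "__main__":
    print(check_blinding(65, seed=1))
```

Both paths return the same plaintext, but only the blinded path exponentiates a value the sender of the ciphertext could not have chosen. The cost is one extra public-exponent operation and one modular inverse per private operation, which is why it was a more attractive fix than adding artificial delays.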