------- start of forwarded message (RFC 934 encapsulation) -------
From: marcvh@spry.com (Marc VanHeyningen)
To: Wayne Wilson <wwilson@umich.edu>
Cc: Kazuma Andoh <andoh@nikkeibp.co.jp>, www-security@ns2.rutgers.edu
Subject: Re: What's the netscape problem
Date: Wed, 20 Sep 1995 07:51:47 -0700

[...]
http://home.netscape.com/newsref/std/random_seed_security.html
The interesting part of this article is the discussion of random seed weaknesses on the *server* side. If true, this means anybody could use the random-seed hole to reverse engineer the process by which the server's private key information was generated and break that keypair with much, much, much less effort than would normally be needed to factor a 512-bit RSA key. (Note that I'm not entirely sure Netscape's server uses 512-bit RSA keys, since the documentation, technical data sheets, and generation process don't give any clue about what key size is being used. Guess they don't want customers worrying their pretty little heads about it.)

This would mean merely getting a fixed server would be insufficient; every Netscape server user would need to generate a new keypair, get a new Verisign certificate, and revoke the old one. (Oops, wait, there's no way to revoke the old one. I guess you just have to hope nobody does this before all those certificates expire.)

- - Marc
------- end -------

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept
smuggle nuclear North Korea SDI cracking Mossad DES
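An added illustration of the point Marc is making, not part of the forwarded message and not Netscape's code: a keypair is a deterministic function of the PRNG seed, so the work to recover it is bounded by the size of the seed space rather than by the cost of factoring the modulus. The key derivation (SHA-256 of the seed) and the clock-plus-pid seed layout are toy assumptions for illustration; the factoring estimate is the usual number-field-sieve heuristic.

```python
import hashlib
import math
import os

def derive_private_key(seed: bytes) -> bytes:
    """Toy keygen: the private key is a deterministic function of the PRNG seed
    (stands in for any seeded keygen; not Netscape's actual routine)."""
    return hashlib.sha256(b"toy-keygen|" + seed).digest()

def seed_from_clock(seconds: int, pid: int) -> bytes:
    """Constructed low-entropy seed: 1-second clock plus a 15-bit process id.
    An assumption for illustration; the page does not describe the real seed."""
    return seconds.to_bytes(4, "big") + (pid & 0x7FFF).to_bytes(2, "big")

def seed_space_bits(sources: dict[str, int]) -> int:
    """Upper bound on seed entropy: bits of independent sources add up."""
    return sum(sources.values())

def gnfs_work_bits(modulus_bits: int) -> float:
    """Rough log2 of the operations to factor an RSA modulus with the number
    field sieve, L_n[1/3, (64/9)^(1/3)]; a heuristic, good to a few bits."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)

def cheapest_attack(seed_sources: dict[str, int], modulus_bits: int) -> dict:
    """Compare the two routes to the private key: replaying every possible
    seed through keygen versus factoring the public modulus."""
    seed_bits = seed_space_bits(seed_sources)
    factor_bits = gnfs_work_bits(modulus_bits)
    return {
        "seed_search_bits": seed_bits,
        "factoring_bits": round(factor_bits, 1),
        "weakest_link": "seed" if seed_bits < factor_bits else "modulus",
    }

def seed_is_adequate(seed_sources: dict[str, int], modulus_bits: int) -> bool:
    """Defender's check: the seed must not be a cheaper path than factoring."""
    return seed_space_bits(seed_sources) >= gnfs_work_bits(modulus_bits)

if __name__ == "__main__":
    # Same clock + pid -> byte-identical key, so the key is only as secret as
    # the seed inputs (constructed values).
    k1 = derive_private_key(seed_from_clock(811_600_000, 1234))
    k2 = derive_private_key(seed_from_clock(811_600_000, 1234))
    print("reproducible:", k1 == k2)
    print(cheapest_attack({"clock_seconds_in_a_day": 17, "pid": 15}, 512))
    print(cheapest_attack({"os_entropy_pool": 256}, 512))
    print("os-seeded key:", derive_private_key(os.urandom(32)).hex()[:16], "...")
```

With a 32-bit seed space the seed search is cheaper than factoring by roughly 2^32, which is why a patched server alone does not help: every key generated under the weak seed has to be replaced.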