28 Sep
2000
28 Sep
'00
3:05 a.m.
On Wed, 27 Sep 2000, Sampo A Syreeni wrote:
On Tue, 26 Sep 2000, Ray Dillinger wrote:
After a little security skirmish with my (now Ex)Bank, I discovered this about Netscape and Internet Explorer; both have "help fields" in their headers that facilitate cryptanalysis of SSL connections if you have the key to the help field.
Really? This is not just a cattle-mutilation-kinda rumor? If such help fields exist, what is the kind of crypto used on them? If it's symmetric, somebody's going to have a highly satisfactory debugging session, soon...
Don't know what kind of crypto is used for them. I do suggest you have that debugging session, but I'd be surprised if the crypto is actually symmetric. Bear