Now that we've seen that Netscape is doing a good job towards trying to fix the hole that Ian and David have uncovered, it's time to start looking at new things. Given the recent post to the www-security list that was forwarded here, it seems like just replacing the server may not work for all the secure servers out there-- keys may have to be replaced as well. Let's find out. Proposal for action: 1) Reverse-engineer a server to see if the keygen phase uses a weak RNG seed. -- if so, determine the exact algorithim. 2) Organize a net-wide search over the space of the RNG seed to crack the private key of some well known secure server. 3) Release the private key to the net. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org