27 Sep
2000
27 Sep
'00
7:19 a.m.
On Tue, 26 Sep 2000, Ray Dillinger wrote:
After a little security skirmish with my (now Ex)Bank, I discovered this about Netscape and Internet Explorer; both have "help fields" in their headers that facilitate cryptanalysis of SSL connections if you have the key to the help field.
Really? This is not just a cattle-mutilation-kinda rumor? If such help fields exist, what is the kind of crypto used on them? If it's symmetric, somebody's going to have a highly satisfactory debugging session, soon... Sampo Syreeni <decoy@iki.fi>, aka decoy, student/math/Helsinki university