Re: SSL challenge -- broken !
-----BEGIN PGP SIGNED MESSAGE----- From: Damien.Doligez@inria.fr (Damien Doligez)
This is to announce the solution of the SSL challenge posted by Hal Finney on July 17, 1995 (message-ID: <3u6kmg$pm4@jobe.shell.portal.com>), also found at: <URL:http://www.portal.com/~hfinney/sslchal.html>
Although it is hardly necessary, I can confirm the accuracy of the decryption found, and I extend my congratulations for this achievement! Ironically, I understand that an independent effort coordinated by Adam Back also discovered the key at approximately the same time. In addition, Eric Young had done a search starting at 8000000000 and upwards; unfortunately the key value of 7ef0961fa6 was only about one percent below his starting point. Hopefully Adam will supply more information. It will be interesting to see what the fallout is from this accomplishment. It should provide ammunition for the current effort by Microsoft and other companies to try to persuade the government to allow the export of full 56 bit DES. Knowing the tendency of the media and the net to oversimplify, this will probably come out as "SSL is broken" just as the RSA-129 result led to "RSA is broken" stories. This would not be as egregious an oversimplification as in the RSA case, but in fairness it should be recognized that SSL as a spec provides support for much stronger ciphers than the intentionally weakened RC4-40 which was broken here, but Netscape was constrained by the government to supply browsers with only the weak encryption. I am a little alarmed by the suggestion that this news could have some marked impact on the Netscape stock price. From our perspective this was certainly an unsurprising result (not to take anything away from Damien and others who worked on it). It is a useful reminder that the things we work on here can have profound consequences. Hal Finney hfinney@shell.portal.com -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBMDIuehnMLJtOy9MBAQHQbwH+I0YL1ewcCbXOGw8yYvKXIJMg15O0jmqW wMb6SKrethbJzpWXJBpC1oKrl8wVzPvqBCLJtfJFWcN9xD4pTOluhA== =0GPy -----END PGP SIGNATURE-----
On Wed, 16 Aug 1995, Hal wrote:
Ironically, I understand that an independent effort coordinated by Adam Back also discovered the key at approximately the same time. In addition, Eric Young had done a search starting at 8000000000 and upwards; unfortunately the key value of 7ef0961fa6 was only about one percent below his starting point. Hopefully Adam will supply more information.
Dave Byers found it with his MasPar while searching the space that Eric had left out. The MasPar was getting 1.4M keys per second and hence could search the entire 40 bit keyspace in about 9 days anyway. - Andy +-------------------------------------------------------------------------+ | Andrew Brown Internet <asb@nexor.co.uk> Telephone +44 115 952 0585 | | PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A C0 1F 9F 66 64 02 4C 88 | +-------------------------------------------------------------------------+
Hal <hfinney@shell.portal.com> writes: I am a little alarmed by the suggestion that this news could have some marked impact on the Netscape stock price. From our perspective this was certainly an unsurprising result (not to take anything away from Damien
So far it appears not to have had an effect. The two web pages I know about that track Netscape show it holding steady a point and a half above where it opened. Even the IF market on SSLW doesn't seem to be taking much notice of it, despite my attempts at manipulating that market. Jim Gillogly Mersday, 24 Wedmath S.R. 1995, 18:06
Even more to the point is my claim on IF about brute forcing a 40 bit cipher "Cr40". -Lance On Wed, 16 Aug 1995, Jim Gillogly wrote:
Hal <hfinney@shell.portal.com> writes: I am a little alarmed by the suggestion that this news could have some marked impact on the Netscape stock price. From our perspective this was certainly an unsurprising result (not to take anything away from Damien
So far it appears not to have had an effect. The two web pages I know about that track Netscape show it holding steady a point and a half above where it opened. Even the IF market on SSLW doesn't seem to be taking much notice of it, despite my attempts at manipulating that market.
Jim Gillogly Mersday, 24 Wedmath S.R. 1995, 18:06
---------------------------------------------------------- Lance Cottrell loki@obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ----------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- Perry E. Metzger writes:
Jim Gillogly writes:
Hal <hfinney@shell.portal.com> writes: I am a little alarmed by the suggestion that this news could have some marked impact on the Netscape stock price. From our perspective this was certainly an unsurprising result (not to take anything away from Damien
So far it appears not to have had an effect. The two web pages I know about that track Netscape show it holding steady a point and a half above where it opened. Even the IF market on SSLW doesn't seem to be taking much notice of it, despite my attempts at manipulating that market.
I haven't seen any news stories about this on the wire services. Someone would have to write a story about it first before people would know...
Expect to see something in the San Jose Mercury News in the near future. I contacted them to pitch the story, hoping to point out as clearly and frequently as possible that the cracking was possible only because of ITAR restrictions on key length. They already have someone working on it. Regards, Patrick May -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMDN2ze5Yg08fDKehAQE7KAP/ZxesrP1D209BOSJV187fPwfNw5UfnpLB W6VixTFg+1cWfpk7/kZeXd0uSjY4JiCpQnbiyvA0FJ+R+4HLRAXb28TVbQ55hCSn Bf7MWKHis8QNU4V52jMlzRZsPlMinYNeWgGlHCEAU1CS9BVV2dKED4tpOrRVH90b Rlz3FxXXHG4= =KvoK -----END PGP SIGNATURE-----
Jim Gillogly writes:
Hal <hfinney@shell.portal.com> writes: I am a little alarmed by the suggestion that this news could have some marked impact on the Netscape stock price. From our perspective this was certainly an unsurprising result (not to take anything away from Damien
So far it appears not to have had an effect. The two web pages I know about that track Netscape show it holding steady a point and a half above where it opened. Even the IF market on SSLW doesn't seem to be taking much notice of it, despite my attempts at manipulating that market.
I haven't seen any news stories about this on the wire services. Someone would have to write a story about it first before people would know... .pm
Hal <hfinney@shell.portal.com> writes: I am a little alarmed by the suggestion that this news could have some marked impact on the Netscape stock price. From our perspective this was
Jim Gillogly writes:
So far it appears not to have had an effect. The two web pages I know abou
"Perry E. Metzger" <perry@piermont.com> writes: I haven't seen any news stories about this on the wire services. Someone would have to write a story about it first before people would know...
I note that Netscape is down 3 at the moment... cause and effect are hard to identify, of course, since the stock has been waving around a lot since its IPO a week ago. In any case, provisional full marks to Perry. Jim Gillogly Highday, 25 Wedmath S.R. 1995, 15:38
participants (7)
-
Andy Brown -
Hal -
Harry S. Hawk -
Jim Gillogly -
Lance Cottrell -
Perry E. Metzger -
pjm@ionia.engr.sgi.com