Re: [Long] A history of Netscape/MSIE problems
[...] The reason for the 40-bit key and (according to RSADSI, the company that developed RC4) the reason why details on it were kept secret was that these conditions were required under an agreement between the Software Publishers Association (SPA) and the US government which gave special export status to the RC4 algorithm and a companion algorithm called RC2.
Hadn't heard that before, that the trade secret requirement was imposed on RSADSI. What was your source for that info, it is an interesting assertion on the part of RSADSI, and I am intrigued.
It's in AC II, p.319 (I was getting worried for a minute, I missed it the first time I looked and then couldn't figure out where I'd got the info from).
You ought to reference Andrew Roos's paper [posted to the list, and sci.crypt, at least] analysing key schedule biases in RC4.
It's mentioned in the list of minor RC4 weaknesses. I didn't include refs for all of these because I've already probably got as many references in there as text (the term "reference terrorism" has been used to describe some of my papers in the past).
Strangely (I'm not sure if anyone lost money due to this), I think Netscape's prices hardly suffered, perhaps even improved slightly. Could be due to the `any publicity is good publicity' syndrome. There was a *lot* of publicity, and Netscape's response in fixing the problem was good. Several US cypherpunks were tracking the stocks at the time, and could probably verify this.
Interesting... does anyone want to comment on this? This kind of damages one of my assumptions in the paper that publicity attacks can hurt a company providing poor security. Could it be that at the time people would buy Netscape stock no matter what happened? If MSIE had been widespread at the time, would it have caused people to jump ship en masse?
One omission: you didn't say anything about Paul Kocher's timing attack on RSA, which I think affected Netscape servers, and was fixed after his publicizing the attack. Then you could discuss Ron Rivest's blinding solution, and the time delay solution.
It's a pretty obscure attack and one which most implementations (ones running on home PCs) won't ever need to worry about, given that it's many times easier to get a victim to download some whiz-bang ActiveX applet which quietly patches their browser to use a fixed key for all SSL sessions. Has anyone thought of doing this? If I had a system (and compiler) capable of building ActiveX apps I'd love to do this - create an espionage-enabling screen saver or something.

Peter.
On Mon, 16 Sep 1996 pgut001@cs.auckland.ac.nz wrote:
`any publicity is good publicity' syndrome. There was a *lot* of publicity, and Netscape's response in fixing the problem was good. Several US cypherpunks were tracking the stocks at the time, and could probably verify this. Interesting... does anyone want to comment on this? This kind of damages one of my assumptions in the paper that publicity attacks can hurt a company providing poor security. Could it be that at the time people would buy Netscape stock no matter what happened? If MSIE had been widespread at the time, would it have caused people to jump ship en masse?
I think one issue that may come into this is that while the kind of people who read this list worry about security issues like the above, the average, or rather most (I'd off-the-cuff estimate almost all) of the users of Netscape don't use the security features, and don't understand them. If they know what they are doing, they expect that at some point in the future they will NEED the security, but don't use/need it now. What publicity Netscape received was probably very minor in the mainstream media, and Netscape's damage control was most likely quite effective. I spend very little time with the mainstream media, I really don't know. I could be very very wrong about most or all of this, but I think that people on this list would tend to be just a little bit more concerned and knowledgeable about security and privacy issues, and hence a little more judgmental (in a good way) on those issues.

Petro, Christopher C.
petro@suba.com <preferred for any non-list stuff>
snow@smoke.suba.com
Peter Gutmann <pgut001@cs.auckland.ac.nz> writes:
Hadn't heard that before, that the trade secret requirement was imposed on RSADSI. What was your source for that info, it is an interesting assertion on the part of RSADSI, and I am intrigued.
It's in AC II, p.319 (I was getting worried for a minute, I missed it the first time I looked and then couldn't figure out where I'd got the info from).
I can't see anything suggesting that the trade secret status of the algorithm had anything to do with its being granted special export status. All it says on 319 (the section on RC2) is:

: It is proprietary, and its details have not been published...

[of course since then someone did publish, anonymously]

: ...An agreement between the Software Publishers Association (SPA) and
: the US government gave RC2 and RC4 (see Section 17.1) special export
: status (see Section 25.13).

Sameer posted that someone at RSA once told him unofficially that the trade secret status was required. Schneier (courtesy of Ulf Moeller <um@c2.net>) seems to be saying that it has nothing to do with it, in spite of RSADSI's claims:

: Schneier writes (2nd ed., p. 398): "This special export status has
: nothing to do with the secrecy of the algorithm, although RSA Data
: Security, Inc. has hinted for years that it does."

Adam
participants (3)
- Adam Back
- pgut001@cs.auckland.ac.nz
- snow