Now that we've seen that Netscape is doing a good job towards trying to fix the hole that Ian and David have uncovered, it's time to start looking at new things. Given the recent post to the www-security list that was forwarded here, it seems like just replacing the server may not work for all the secure servers out there-- keys may have to be replaced as well. Let's find out. Proposal for action: 1) Reverse-engineer a server to see if the keygen phase uses a weak RNG seed. -- if so, determine the exact algorithim. 2) Organize a net-wide search over the space of the RNG seed to crack the private key of some well known secure server. 3) Release the private key to the net. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org
sameer writes:
2) Organize a net-wide search over the space of the RNG seed to crack the private key of some well known secure server.
3) Release the private key to the net.
FWIW, for the record, I'm uncomfortable with this. It sounds unethical, IMHO. For me at least, targeting the key of some particular server that happens to be out there is over the line. If you said you would have someone volunteer a supposedly secure server for the challenge, I'd have no qualms. But hey, that's just one tentacle's opinion.... -Futplex <futplex@pseudonym.com> "...when you talk about destruction, don't you know that you can count me out"
In article <199509211832.LAA24086@infinity.c2.org>, sameer@c2.org (sameer) writes:
Now that we've seen that Netscape is doing a good job towards trying to fix the hole that Ian and David have uncovered, it's time to start looking at new things.
Given the recent post to the www-security list that was forwarded here, it seems like just replacing the server may not work for all the secure servers out there-- keys may have to be replaced as well. Let's find out.
Proposal for action:
1) Reverse-engineer a server to see if the keygen phase uses a weak RNG seed. -- if so, determine the exact algorithim.
2) Organize a net-wide search over the space of the RNG seed to crack the private key of some well known secure server.
3) Release the private key to the net.
What exactly is the point of this? We have: 1) acknowledged that the RNG used in the server private-key generation has the same problem 2) said that we will provide a patch early next week 3) said that we will provide new certificates for all customers 4) promised to make source code for our new seed generation code publicly available What else do you hope to gain by breaking a server key? I think the point has been made. Is there anything else that you would reasonably expect that we would do in response to a server key being broken that we have not already done? --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
In article <199509211832.LAA24086@infinity.c2.org>, sameer@c2.org (sameer) writes:
Now that we've seen that Netscape is doing a good job towards trying to fix the hole that Ian and David have uncovered, it's time to start looking at new things.
Proposal for action:
Jeff writes:
What else do you hope to gain by breaking a server key? I think the point has been made. Is there anything else that you would reasonably expect that we would do in response to a server key being broken that we have not already done?
--Jeff
Clearly the point that Sameer is making includes the Meta crypto creed, which is a that all security systems and they components should be discussed and tested in public. That it is not enough to test the client and that encryption contained in server products must also be dragged into the day light. Harry Hawk habs@panix.com Freelancer for NetGuide Mag. All comments are my own.
What exactly is the point of this? We have:
Is Netscape going to cover the cost of getting the new keys that the servers generate signed and certified by Versign? Is netscape going to tell its customers that they need to regenerate their keys and get new certificates? Like I've said, I'm very impressed with netscape's quick response and almost everything they've done. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org
Jeff Weinstein writes:
What else do you hope to gain by breaking a server key? I think the point has been made. Is there anything else that you would reasonably expect that we would do in response to a server key being broken that we have not already done?
Well, I don't know what the point was -- I don't think its a useful effort -- but I would like to make the following comment. One problem I've had is that this isn't some toy being built at NCSA any more -- its something that lots of real money depends on. If I treated my security critical code for my wall street clients the way you guys have treated a lot of your code, I'd expect to be blackballed and never work at anything more lucrative than shoe-shining again in my entire carrer. You've all been giving the very standard "We're overworked -- we didn't know -- I didn't look at that" sort of answers. Thats all fine and well -- but when the money gets stolen or the plane crashes it isn't good enough. Code like this has to be treated with enormous seriousness. That means code reviews. That means people follow systematic security proceedures -- and thats not just in the "security code" because that isn't where the break will come. It means that there are coding standards. It means people break their backs very very seriously checking everything and rechecking it, and then torture testing it. You folks are still operating as if you are a garage operation when it comes to this stuff, even though you are selling commerce servers that people depend on for their business to operate. You guys have gotten off quite lightly -- you screw up in a way that could have cost your clients real money and all that happened is some bad press and pressure to fix things. However, don't expect to be treated that well next time. Those of us who are adults in this business expect that we won't get second chances if we fuck a client good and hard, and you guys shouldn't feel as though you've got another couple of strikes to go. As I said, if I fucked up that way I'd expect to have my carrer permanently ruined. You got off *easy*. In my part of the universe, which is very close to the part you guys have started to tread in, people treat this stuff very seriously. As it happens, I know of some places in the financial community where people have started to act lazy. I'm expecting to see lots of people lose their carrers when something bad happens. Perry
In article <199509231919.MAA01818@infinity.c2.org>, sameer@c2.org (sameer) writes:
What exactly is the point of this? We have:
Is Netscape going to cover the cost of getting the new keys that the servers generate signed and certified by Versign? Is netscape going to tell its customers that they need to regenerate their keys and get new certificates?
I'm not sure what exactly you mean by "cover the cost". Our server customers WILL NOT have to pay verisign for new certificates. We will tell all of our customers to generate new keys and get new certificates ASAP. We are putting the version number in new certificate requests so that verisign can reject requests from people who don't have the new version of the key generator. Server operators will also be able to set up their servers to detect unpatched clients and redirect them to a page that will allow them to download the patch. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
participants (5)
-
futplex@pseudonym.com -
Harry S. Hawk -
jsw@neon.netscape.com -
Perry E. Metzger -
sameer