Spoofing HTTP server certificates
Greg Miller
gmiller at grendel.ius.indiana.edu
Sun Oct 1 21:40:33 PDT 1995
Since there has been a lot of talk about the "man in the middle"
attack on the secure web servers, has anyone actually considered the
processing time required to fake a certificate from scratch?
I haven't really familiarized myself with how the certificates
are generated, etc, but it's my understanding that they are signed with RSA.
The few recent factorings of RSA keys have shown that brute force
attacks are feasable with distributed processing. Since these projects
were done "just for the fun of it", wouldn't it seem likley that someone
(or some people) would take the time and effort to factor the certificate
signing key? After all, it would actually be worth something.
gmiller at grendel.ius.indiana.edu
http://www.ius.indiana.edu/~gmiller/
More information about the cypherpunks-legacy
mailing list