Netscape SSL implementation cracked!
James Caldwell
jcaldwel at iquest.net
Sun Sep 17 22:42:15 PDT 1995
Kevin L Prigge wrote:
A little birdie told me that Ian Goldberg said:
> What we discovered is that, at least on the systems we checked (Solaris
> and HP-UX), the seed value for the RNG was fairly trivial to guess by
> someone with an account on the machine running netscape (so much so
> that in this situation, it usually takes less than 1 minute to find
> the key), and not too hard for people without accounts, either.
/ Makes one wonder what the seed is on a Windows implementation...
/ If it's only the time, you can probably approximate what the
/ clock is set to within a couple of minutes (if the timezone of the
/ client is known).
Hah! Like a Cmos clock can *ever* keep a consistant time for more than
two minutes...
More information about the cypherpunks-legacy
mailing list