[39781] in Cypherpunks
The Next Hack
daemon@ATHENA.MIT.EDU (sameer)
Thu Sep 21 15:54:24 1995
From: sameer <sameer@c2.org>
To: cypherpunks@toad.com
Date: Thu, 21 Sep 1995 11:32:01 -0700 (PDT)
Now that we've seen that Netscape is doing a good job towards
trying to fix the hole that Ian and David have uncovered, it's time to
start looking at new things.
Given the recent post to the www-security list that was
forwarded here, it seems like just replacing the server may not work
for all the secure servers out there-- keys may have to be replaced as
well. Let's find out.
Proposal for action:
1) Reverse-engineer a server to see if the keygen phase uses
a weak RNG seed. -- if so, determine the exact algorithim.
2) Organize a net-wide search over the space of the RNG seed to
crack the private key of some well known secure server.
3) Release the private key to the net.
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer@c2.org
