[864] in WWW Security List Archive
Re: Netscape SSL-cracker...may be old news...
daemon@ATHENA.MIT.EDU (Paul Phillips)
Wed Sep 20 05:39:26 1995
Date: Tue, 19 Sep 1995 23:33:56 -0700 (PDT)
From: Paul Phillips <paulp@cerf.net>
To: "Daniel A. Turner" <tcg@us.net>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <199509200500.BAA13682@us.net>
Errors-To: owner-www-security@ns2.rutgers.edu

On Wed, 20 Sep 1995, Daniel A. Turner wrote:

> Netscape's security seems to have a flaw. Folks on this list are much more
> qualified to judge the accuracy of this SSL-breaker than I, so here's the
> source code. The idea is that Netscape's security, possibly including the
> 128-bit version, is crackable if you have an account on (or just access to)
> the client(?) machine. This is bad, I think.

It's vulnerable even if you *don't* have an account on the client
machine, which is worse. This does include the 128-bit version.

> Anyway, here's the code. For all I know it's entirely bogus, but it can't
> hurt to ask.

No, it's entirely real, but just to make sure there's no confusion: this
is not a flaw in SSL, it's a flaw in Netscape's implementation. They
made a very basic cryptography error in not paying adequate attention to
the random number generation. Your crypto is only as strong as its
weakest link.

This reflects very poorly on Netscape's quality control and
cryptographic expertise. They are issuing a 1.2 release that will
address the bug (notice I don't say "fix" necessarily), hopefully this
will light some fires in the Netscape offices -- it got a front page
mention in today's Wall Street Journal.

By the way, by emailing the source from the US (us.net! har!) you probably
just violated ITAR and are now a munitions trafficker.

--
Paul Phillips | "Click _here_ if you do not
<URL:mailto:paulp@cerf.net> | have a graphical browser"
<URL:http://www.primus.com/staff/paulp/> | -- Canter and Siegel, on
<URL:pots://+1-619-558-3789/is/paul/there?> | their short-lived web site