[872] in WWW Security List Archive
Re: What's the netscape problem
daemon@ATHENA.MIT.EDU (Wayne Wilson)
Wed Sep 20 14:22:23 1995
Date: Wed, 20 Sep 1995 11:06:30 -0900 (PDT)
From: Wayne Wilson <wwilson@umich.edu>
To: www-security@ns2.rutgers.edu
In-Reply-To: <253.811608707@pellet.spry.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Wed, 20 Sep 1995, Marc VanHeyningen wrote:
>
> The interesting part of this article is the discussion of random seed
> weaknesses on the *server* side. If true, this means anybody could use
> the random-seed hole to reverse engineer the process by which the
> server's private key information was generated and break that keypair
> with much, much much less effort than would normally be needed to factor
> a 512-bit RSA key.
>
There is not enough detail revealed yet. For example, Netscape clearly
seems to be talking about the symmetrical session keys, which I thought
were generated by a separate process than the RSA keys. If the RSA key
generation process is flawed in the same way than you are right in what
you say.
