[Previous] [Next] [Index]
[Thread]
Re: What's the netscape problem
On Wed, 20 Sep 1995, Marc VanHeyningen wrote:
>
> The interesting part of this article is the discussion of random seed
> weaknesses on the *server* side. If true, this means anybody could use
> the random-seed hole to reverse engineer the process by which the
> server's private key information was generated and break that keypair
> with much, much much less effort than would normally be needed to factor
> a 512-bit RSA key.
>
There is not enough detail revealed yet. For example, Netscape clearly
seems to be talking about the symmetrical session keys, which I thought
were generated by a separate process than the RSA keys. If the RSA key
generation process is flawed in the same way than you are right in what
you say.
References: