Re: What's the netscape problem

• To: www-security@ns2.rutgers.edu
• Subject: Re: What's the netscape problem
• From: Wayne Wilson <wwilson@umich.edu>
• Date: Wed, 20 Sep 1995 11:06:30 -0900 (PDT)
• In-Reply-To: <253.811608707@pellet.spry.com>

On Wed, 20 Sep 1995, Marc VanHeyningen wrote:

> 
> The interesting part of this article is the discussion of random seed
> weaknesses on the *server* side.  If true, this means anybody could use
> the random-seed hole to reverse engineer the process by which the
> server's private key information was generated and break that keypair
> with much, much much less effort than would normally be needed to factor
> a 512-bit RSA key.
> 
  There is not enough detail revealed yet.  For example, Netscape clearly 
seems to be talking about the symmetrical session keys, which I thought 
were generated by a separate process than the RSA keys.  If the RSA key 
generation process is flawed in the same way than you are right in what 
you say.

• Re: What's the netscape problem
• From: marcvh@spry.com (Marc VanHeyningen)

• Previous: Re: What's the netscape problem
• Next: Re: Java and trojans: any last words before Netscape 2.0 is out?
• Index(es):
  • Index
  • Thread