Re: What's the netscape problem
On Sep 20, 7:51, Marc VanHeyningen wrote:
> The interesting part of this article is the discussion of random seed
> weaknesses on the *server* side. If true, this means anybody could use
> the random-seed hole to reverse engineer the process by which the
> server's private key information was generated and break that keypair
> with much, much much less effort than would normally be needed to factor
> a 512-bit RSA key.
My God... They couldn't have been _that_ sloppy. I feel fairly certain that
they used the RSA BSAFE library, and hopefully the RNG that comes with it, for
the RSA keypair generation. But maybe they didn't seed it carefully either.
I have been following this discussion with a bit of amusement. As the author
of the O'Reilly WebSite server, I developed (last Spring) a high-strength
random number generator for our upcoming SSL/S-HTTP release. It uses the
arrival times of incoming network requests as its noise source, and keeps a
"pool" of random bytes that is "stirred" as needed using MD5 in cipher
feedback mode, with the new noise used as the "key". No way WebSite is going
to be broken by a "known seed attack".
> This would mean merely getting a fixed server would be insufficient; every
> Netscape server user would need to generate a new keypair, get a new Verisign
> certificate, and revoke the old one.
If you are right about the keypair weakness, you are right about this too.
> (Oops, wait, there's no way to revoke the old one. I guess you just have to
> hope nobody does this before all those certificates expire.)
You don't have to revoke the old one, just squirrel it away where no one can
steal it, and start using the new cert.
-- Bob
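As an added illustration of the pool design Bob describes (this is not WebSite's code, which is not on this page), the following Python sketch keeps a pool of bytes, stirs it with MD5 used in cipher-feedback mode with each fresh noise sample as the key, and draws output by hashing the pool rather than handing it out directly. The pool size, the 64-bit packing of arrival times, and the extraction step are assumptions; MD5 is kept only because it is the primitive the post names. The helper at the end shows the property that matters for the "known seed attack" discussed in the thread: two pools fed identical noise produce identical output, so the output is only as unpredictable as the noise that went in.

```python
"""Entropy pool stirred with MD5 in cipher-feedback mode, keyed by fresh noise.
Added example of the design described in the post; not the server's own code."""
import hashlib
import struct
import time

POOL_SIZE = 64   # bytes of pool state (assumed; the post gives no size)
BLOCK = 16       # MD5 digest length, used as the CFB block size


class EntropyPool:
    """Keeps a pool of random bytes and stirs it whenever new noise arrives."""

    def __init__(self):
        self.pool = bytearray(POOL_SIZE)
        self.iv = bytes(BLOCK)   # CFB feedback register, carried across stirs

    def stir(self, noise: bytes) -> None:
        """One CFB pass over the pool.

        keystream_i = MD5(noise || C_{i-1});  C_i = P_i XOR keystream_i
        The noise plays the role of the cipher key, so after the pass every
        pool byte depends on the new noise and on every earlier block."""
        prev = self.iv
        new_pool = bytearray()
        for off in range(0, POOL_SIZE, BLOCK):
            keystream = hashlib.md5(noise + prev).digest()
            block = bytes(p ^ k for p, k in zip(self.pool[off:off + BLOCK], keystream))
            new_pool += block
            prev = block
        self.pool = new_pool
        self.iv = prev

    def add_arrival(self, timestamp_ns: int) -> None:
        """Feed the arrival time of one network request into the pool."""
        self.stir(struct.pack(">Q", timestamp_ns))

    def random_bytes(self, n: int) -> bytes:
        """Extract output without exposing the pool: hash the pool with a
        counter for each output block, then stir the pool with a digest of
        itself so the state moves on and the same output cannot recur."""
        out = b""
        counter = 0
        while len(out) < n:
            out += hashlib.md5(bytes(self.pool) + struct.pack(">I", counter)).digest()
            counter += 1
        self.stir(hashlib.md5(b"advance" + bytes(self.pool)).digest())
        return out[:n]


def outputs_for(arrivals, n: int = 16) -> bytes:
    """Build a pool from a list of arrival timestamps (nanoseconds) and draw n bytes."""
    pool = EntropyPool()
    for t in arrivals:
        pool.add_arrival(t)
    return pool.random_bytes(n)


if __name__ == "__main__":
    # Stand-in for request arrival times: a few clock samples taken here.
    samples = [time.perf_counter_ns() for _ in range(8)]
    print(outputs_for(samples).hex())
```

The point the thread turns on is visible in the last helper: if an attacker can reconstruct every value that was ever stirred into the pool (the "known seed attack"), they can rerun the same computation and obtain the same bytes. Unpredictable noise such as packet arrival jitter is what denies them that, not the hash construction itself.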