
Re: Netscape Commerce Server and Certificates



Atri Chatterjee <atri@netscape.com> writes:

> The Commerce server is significantly less vulnerable because:
> 
> 1. Key pairs are generated only once
> 2. Access to the actual server is limited for hackers to try to guess with
> some accuracy when the key pair was generated.
> 3. The time it takes to generate key pairs is about 5 seconds on a
> reasonably powerful UNIX machine.  
> 
> 4. Since the random number seed address space is 30 bits, even if one knew
> approximately when the server key-pair was generated it only reduces this
> down to say 20 bits.  Therefore the operation can take anywhere from (2**20
> to 2**30) * 5 seconds = 5 million to 5 billion seconds.
> 
> 5 million seconds = 57.8 days
> 5 billion seconds = 158 years

This is somewhat misleading. The fact that "key pairs are generated only once" is
a weakness, not a strength. Since the key is persistent, it's a high value target, and
once cracked, calls into question all transactions made using that key pair.

The folks on cypherpunks have been brute-forcing 40 bits of RC4 keyspace without
difficulty. 30 bits is grossly inadequate. 

Even if your 5 second/test estimate is correct (and I suspect the code could be substantially
optimized), the most recent cypherpunk SSL attack managed to rope together over 200
powerful workstations, and was completed (on 40 bits) in 31 hours (even then, it was
slowed down by the load on the keyspace server, not by the nodes doing the testing).

There are *many* organizations which have this many (or many more) idle workstations
available. I would guess that against a determined attack from a well-heeled adversary, 
your current keypairs would fall in a few weeks at best, hours at worst.

Peter Trei
ptrei@acm.org



Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com
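
The work-factor arithmetic argued over in this thread, as an added example that is not part of either message: it takes the figures quoted above (20 to 30 seed bits, 5 seconds per trial, 200 workstations) and also solves for the seed entropy needed to hold out for a chosen time. The even split across workers, the `speedup` factor, the 100-year target and all function names are assumptions of this sketch.

```python
import math

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def exhaust_seconds(seed_bits, secs_per_trial, workers=1, speedup=1.0):
    """Worst case: wall-clock seconds to test every seed value.

    Assumes the seed space splits evenly across workers; speedup models
    a faster per-trial implementation (both are assumptions of this sketch).
    """
    return (2 ** seed_bits) * secs_per_trial / (workers * speedup)


def expected_seconds(seed_bits, secs_per_trial, workers=1, speedup=1.0):
    """Average case: the matching seed turns up halfway through the space."""
    return exhaust_seconds(seed_bits, secs_per_trial, workers, speedup) / 2


def min_seed_bits(target_seconds, secs_per_trial, workers=1, speedup=1.0):
    """Smallest seed entropy (bits) whose average search time meets the target."""
    trials = 2 * target_seconds * workers * speedup / secs_per_trial
    return max(0, math.ceil(math.log2(trials)))


def report():
    """Figures from the thread: 20 to 30 seed bits, 5 s per trial, 200 workstations."""
    rows = []
    for bits in (20, 30):
        single = exhaust_seconds(bits, 5)
        pooled = exhaust_seconds(bits, 5, workers=200)
        rows.append((bits, single / SECONDS_PER_DAY, pooled / SECONDS_PER_DAY))
    return rows


if __name__ == "__main__":
    for bits, single_days, pooled_days in report():
        print(f"{bits} bits: {single_days:,.1f} days on one machine, "
              f"{pooled_days:,.2f} days on 200")
    # Constructed target: hold out 100 years on average against 200 machines.
    print("seed bits needed:", min_seed_bits(100 * SECONDS_PER_YEAR, 5, workers=200))
```
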

