Cracking Netscape SSL


From: android@BBS.INFIMA.CZ
Subject: Cracking Netscape SSL
Date: Fri, 21 Jun 1996 15:42:00 +0100


I found this at http://pauillac.inria.fr/~doligez/ssl/
Enjoy. It's quite good reading for a sleepless night.
Cheers
Milon

This is all my personal point of view. INRIA published an official
press release (no longer available on-line).

On July 14, Hal posted his SSL challenge: a record of a "secure"
Netscape session encrypted with the RC4-128-EXPORT-40 algorithm.

I succeeded in cracking the challenge, but I was only the second one to
find the key and read the contents of his session.

If you're a journalist, be sure to read my virtual press conference. If
you have more questions, feel free to send me some e-mail:
Damien.Doligez@inria.fr.

This is a more-or-less chronological account of what happened:

     The SSL protocol was designed to protect confidential data sent by Web browsers. It has an option for weak encryption, to comply with the requirements of the US government for exportable software.
     July 14: Hal posted his challenge in a short version and a detailed version.
     August 15: I posted my original announcement. I also have a revised version.
     August 16: I learned that David Byers and Eric Young, working with Adam Back, had cracked the challenge about two hours before me. Adam has a description of their achievement.
     August 17: Netscape sent their official response. I don't agree with their $10,000 figure, and they badly underestimate the cost of breaking RC4-128 (the US-only version of their system). Still, I do agree with their conclusion.
     The cypherpunks are putting together a "key cracking ring" to see how fast this can get: they will decrypt example sessions as fast as possible (I expect only about one day per session), by using a lot of machines all over the Internet.
     August 19: Hal posted a second SSL challenge to cypherpunks for the "key cracking ring" to tackle.
     The key cracking ring started working on this new challenge on August 24, at 18:00 GMT, and got the result in less than 32 hours.
     September 4: Communications Week International wrote that I "enlisted a number of other engineers worldwide to crack the code again - in just 32 hours". This is not true. I did participate in the effort, but the credits for organizing it should go to Adam Back and Piete Brooks.
     September 17: Ian Goldberg and David Wagner broke the pseudo-random number generator of Netscape Navigator 1.1. They get the session key in at most a few hours on a single workstation. Their code is available by ftp. You can get more details on a web page written by Laurent Demailly.
     September 20: Community ConneXion is awarding original T-shirts to people who Hack Netscape or Microsoft.
     June 4, 1996: Le Monde, a French newspaper, with a very good (and obviously undeserved) reputation for seriousness, published a paper with a completely garbled story about the Internet, that ends by saying "Damien Rodriguez" is a pirate. I found at least 15 factual errors in that article. My personal conclusion: never believe what you read in a newspaper.



Related topics

     You can get the source of the program that I used to break the challenge.
     A few people also have equivalent programs, for example Andrew Roos and Piete Brooks.
     There is a lot of research in cryptology being done at INRIA (projects ALGO and CODES), École polytechnique, and École Normale Supérieure.
     You may want to know more about the ITAR (International Traffic in Arms Regulations), which prevent Netscape from exporting their more secure system. See the EFF ITAR export archive or John Gilmore's crypto export page.
     The RSA-129 crack used about 50 times more computing power than I did for the SSL challenge.
     Cryptographic software is export-restricted by the US government even if it didn't originate from the US (i.e. if imported, it cannot be reexported). Yet, you can find strong cryptography in the form of PGP (all over the world), and SSLeay (in Australia).
     A UK company, MarketNet, already has a server with 128-bit security.
     There are serious restrictions on the use of cryptography in France.
     the cypherpunks
     Tim May's Cyphernomicon is a list of frequently asked questions (with answers) about cryptography.
     Netscape
     the WWW consortium
     my own web page
     Some articles reporting this story are also available on the Web. Here is a game: spot the errors in these articles and report them to their authors.
          San Jose Mercury News (no mistakes as far as I can tell)
          HPCwire
          Komputery i Biuro (if you can read Polish; I cannot).
          Le Devoir (in French).
     It should be noted that both MD5 and RC4, two of the (very good) cryptographic components of SSL, were designed by Ron Rivest, of RSA Laboratories.
     For a good introduction to the field of cryptology, read the sci.crypt FAQ.
     Some information about cryptography (in German).
     A good Web page on cryptography.


Cute quote:

     "Just remember, in 10 years no one will care. In fact most people probably don't care right now."

-- Conrad E. Muller
