On Wed, Aug 15, 2001 at 01:42:05PM -0400, Jack Lloyd wrote:

> 2) IIRC, OpenSSL adds a few "random" things like pid, uid, time, etc
> in the creation of the key

On Unix platforms, it adds getpid(), getuid(), and time(NULL). Wagner and Goldberg demonstrated how very predictable these values were years ago with the Netscape browser.

> 3) Oh, one more thing. An SSL/TLS key is negotiated between the
> client and server, and derived from random values sent by each of
> them.

But the client-random and server-random values are public. The only secret input to the master secret is the pre-master secret, which is entirely supplied by the client. If the PRNG used by the client to generate the pre-master secret is weak, an attacker that can sniff the packets can decrypt them with relatively little effort. In this case, you have to have a working and recognized-by-OpenSSL /dev/urandom or an alternate source of good entropy.

--Scott

-- 
Scott Renfro <scottat_private>
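Added example (not part of the original message, and not OpenSSL's code): the TLS 1.0 master-secret derivation from RFC 2246, written out so the point above is visible in the inputs. ClientHello.random and ServerHello.random travel in cleartext; the 48-byte pre-master secret is the only input an observer does not already hold, so the master secret is exactly as unpredictable as the client's PRNG output. The sample values in main() are constructed here for illustration.

```python
import hashlib
import hmac
import os


def p_hash(digest, secret, seed, length):
    """RFC 2246 P_hash: HMAC-based expansion of (secret, seed) to `length` bytes."""
    out = b""
    a = seed                                       # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()   # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over the second half."""
    half = (len(secret) + 1) // 2                  # halves share the middle byte if odd
    s1, s2 = secret[:half], secret[-half:]
    md5_part = p_hash(hashlib.md5, s1, label + seed, length)
    sha1_part = p_hash(hashlib.sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def master_secret(pre_master, client_random, server_random):
    """master_secret = PRF(pre_master, "master secret", client_random + server_random)[0..47].

    client_random and server_random are public (sent in the Hello messages);
    pre_master is the only secret input, and it comes entirely from the client."""
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)


if __name__ == "__main__":
    # Constructed sample handshake values: both randoms are 32 bytes and visible on the
    # wire; the RSA pre-master secret is {03,01} (TLS 1.0) followed by 46 client PRNG bytes.
    client_random = os.urandom(32)
    server_random = os.urandom(32)
    pre_master = bytes([0x03, 0x01]) + os.urandom(46)
    ms = master_secret(pre_master, client_random, server_random)
    print("master secret:", ms.hex())
    # Anyone holding the two public randoms plus the pre-master secret derives the same value,
    # which is why the quality of the 46 PRNG bytes decides the session's secrecy.
    assert ms == master_secret(pre_master, client_random, server_random)
```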
This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 10:34:54 PDT