>I did a writeup on this in 1996 which includes code to recover keys, you can 
>get it from http://www.cs.auckland.ac.nz/~pgut001/pubs/netscape.txt.

Yes - thanks for that, I used it as a starting point. This seemed to work
with "old format" Netscape keys, which were pretty straight PKCS#8, but
NES3.6 (at least) uses a different format with (i) the keys in a .DB file
format, and (ii) a different password-derivation mechanism involving salts.

The new format is supposed to be more secure, but isn't really:

Using a salt prevents one form of dictionary attack - where you derive the
encryption key for all the passwords in your word list beforehand & encrypt
the known plaintext with it to give a lookup table of ciphertext->password.
This doesn't make breaking any single key easier, but once you've done it
you can do many keys nearly as cheaply.

However, if you *know* the salt, brute-forcing the password is still
eminently feasible. The way salting is supposed to be done is as follows:
the salt is, let's say, 20 random bits, which you invent, encrypt the key
and then _throw away_. When it comes to decrypt, even if you have the right
password you have to go through the 2^20 possible salt values until you find
one which works. This is slow but acceptably so.

The point is that if you don't have the right password, you have to do 2^20
decryptions for _each_ wrong password guess, and this makes password finding
a lot more costly.


Cheers
IH

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
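
The discarded-salt scheme described in the message above, as an added example that is not part of the original post and is not Netscape or OpenSSL code. The names `derive`, `protect` and `unprotect`, the SHA-256/HMAC construction, the MAC tag used to recognise the right salt, and the 12-bit salt width (the message suggests 20) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

SALT_BITS = 12  # the message suggests 20; smaller here so the demo runs fast (assumption)

def derive(password: bytes, salt: int) -> bytes:
    # Hypothetical KDF for illustration: a single SHA-256 over salt || password.
    return hashlib.sha256(salt.to_bytes(4, "big") + password).digest()

def _keystream(key: bytes) -> bytes:
    # Toy 32-byte keystream standing in for the real cipher (assumption).
    return hashlib.sha256(key + b"enc").digest()

def protect(password: bytes, secret: bytes, salt_bits: int = SALT_BITS):
    """Encrypt secret (max 32 bytes) under password plus a random salt that is not stored."""
    if len(secret) > 32:
        raise ValueError("toy keystream covers 32 bytes only")
    salt = secrets.randbelow(1 << salt_bits)
    key = derive(password, salt)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key)))
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return ct, tag  # the salt is deliberately thrown away here

def unprotect(password: bytes, ct: bytes, tag: bytes, salt_bits: int = SALT_BITS):
    """Return (secret or None, key derivations performed)."""
    tries = 0
    for salt in range(1 << salt_bits):
        tries += 1
        key = derive(password, salt)
        candidate = hmac.new(key, ct, hashlib.sha256).digest()
        if hmac.compare_digest(candidate, tag):
            return bytes(a ^ b for a, b in zip(ct, _keystream(key))), tries
    return None, tries  # wrong password: the whole salt space was searched

if __name__ == "__main__":
    # Constructed sample values, not real key material.
    ct, tag = protect(b"constructed-passphrase", b"constructed key bytes")
    print(unprotect(b"constructed-passphrase", ct, tag))
    print(unprotect(b"wrong-guess", ct, tag))
```

The second count returned is the work factor: the right password stops at the matching salt, while every wrong password costs the full `2**SALT_BITS` derivations.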
