On Wed, Aug 15, 2001 at 01:42:05PM -0400, Jack Lloyd wrote:
>
> 2) IIRC, OpenSSL adds a few "random" things like pid, uid, time, etc
> in the creation of the key
On Unix platforms, it adds getpid(), getuid(), and time(NULL).
Wagner and Goldberg demonstrated how very predictable these values were
years ago with the Netscape browser.
> 3) Oh, one more thing. An SSL/TLS key is negotiated between the
> client and server, and derived from random values sent by each of
> them.
But the client-random and server-random values are public. The only
secret input to the master secret is the pre-master secret which is
entirely supplied by the client. If the PRNG used by the client to
generate the pre-master secret is weak, an attacker that can sniff the
packets can decrypt them with relatively little effort.
In this case, you have to have a working and recognized-by-OpenSSL
/dev/urandom or an alternate source of good entropy.
--Scott
--
Scott Renfro <[EMAIL PROTECTED]>