Which depended on a subtle mistake in the SSL 3.0 protocol. Specifically,
it gave a different report depending on whether the text decrypted or not.

Rather ironically here, the specific flaw in SSL 3.0 that made the attack
possible was one that the designer of 3.0 had actually played a major part
in raising in the civil field. Paul Kocher's other work being exploiting
differences in the physical behavior of devices running crypto (timing,
behavior in fault situations, radiation).

Now if Netscape had not been so chronically mismanaged as to only allow
Paul two weeks to review the spec and to only give Knight 10 days to write
JavaScript, well, the history of Web Security might have been rather

On Thu, Nov 1, 2012 at 2:00 PM, Stephen Farrell

> On 11/01/2012 05:22 PM, Phillip Hallam-Baker wrote:
> > Having worked in Web security over 20 years now, I have still to see a case
> > where a system was breached because of a really subtle design flaw.
> Bleichenbacher?
> S.

Website: http://hallambaker.com/
therightkey mailing list
