Which depended on a subtle mistake in the SSL 3.0 protocol. Specifically, it gave a different report depending on whether the text decrypted or not.
Rather ironically here, the specific flaw in SSL 3.0 that made the attack possible was one that the designer of 3.0 had actually played a major part in raising in the civil field. Paul Kocher's other work being exploiting differences in the physical behavior of devices running crypto (timing, behavior in fault situation, radiation). Now if Netscape had not been so chronically mismanaged as to only allow Paul two weeks to review the spec and to only give Knight 10 days to write Javascript, well the history of Web Security might have been rather different. On Thu, Nov 1, 2012 at 2:00 PM, Stephen Farrell <stephen.farr...@cs.tcd.ie>wrote: > > > On 11/01/2012 05:22 PM, Phillip Hallam-Baker wrote: > > Having worked in Web security over 20 years now, I have still to see a > case > > where a system was breached because of a really subtle design flaw. > > Bleichenbacher? > > S. > -- Website: http://hallambaker.com/
_______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey
