Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,000 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.

Google
 
Web cryptome.org cryptome.info jya.com eyeball-series.org cryptome.cn


5 June 1998: Link to VeriSign response

27 May 1998


Date: Wed, 27 May 1998 12:27:10 -0400
To: jy@jya.com
From: Ed Stone <estone@synernet.com>
Subject: VeriSign - MSIE Key Generation Security Issue

-----BEGIN PGP SIGNED MESSAGE-----

When obtaining a VeriSign Class 1 Digital ID for domestic (128-bit)
version of MSIE, the instructions provided by VeriSign, if followed,
result in the subscriber obtaining a weak, international strength
asymmetric key (RSA 512-bits), rather than the higher security
asymmetric key (RSA 1024 bits). These keys are used in the MSIE S/MIME
applications, such as Outlook Express and Outlook98, etc.

If one obtains the weaker key, then even if the high security version
of MSIE uses a strong symmetric session encryption algorithm, such as
168-bit 3DES, the session key to the 168-bit 3DES will be protected
only by the weak RSA 512-bit asymmetric key. That makes all email sent
using the RSA 512 VeriSign/MSIE Class 1 Digital ID vulnerable as
described in RSADSI's security estimate of RSA 512.

The security estimate for RSA 512-bit keys states that by "1997 or
1998", RSA 512-bit keys are "not recommended" for even low to moderate
security applications.

See http://www.rsa.com/rsalabs/pubs/techreports/security_estimates.pdf
for RSADSI's estimate of the security of RSA 512.

The faulty guidance on the VeriSign site is at

https://digitalid.verisign.com/client/class1MS.htm where the form for
obtaining the VeriSign Class 1 Digital ID for MSIE states:

"(Optional): Select The Cryptographic Service 
Leave this as it is unless you are using a specialized mechanism, such
as a smart card, to manage your private key. In this case, select the
appropriate provider from the list box."

Since the subscriber does not plan to use a "smart card", he follows
the guidance provided by VeriSign and "leaves this as it is.."

That will result in the subscriber obtaining an RSA 512-bit key,
rather than an RSA 1024-bit key.

The drop down box shows the Cryptographic Service Provider Name,
specifically "Microsoft Base Cryptographic Provider v1.0". That is the
weak, international version of MSIE's crypto service provider. For
MSIE browsers that have 128-bit domestic security, a second crypto
service provider, "Microsoft Enhanced Cryptographic Provider v1.0" is
selectable.

To get the high-security RSA 1024-bit key, ingore VeriSign's
instructions, and select "Microsoft Enhanced Cryptographic Provider
v1.0". You will then receive the RSA 1024-bit key.

Surely, VeriSign will want to advise its subscribers of this security
issue immmediately, and the vulnerability to which VeriSign's error
has exposed certain VeriSign subscribers. Further, VeriSign should
provide replacement, high-security Digital ID's at no cost to their
subscribers.

I have not checked to see if this issue affects Class 2 and other
VeriSign Digital IDs.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5.2

iQEVAwUBNWw+m4VSIIjbt1r5AQG/aQf/eyPpMctYGdxUPI3YZDl4kKacDeibBk6c
YpLPRxYpGVvP2neEEHeSF5Thl33yrh0TRAqIw4n1WZoMWNoMumQZkUcsJGDAxiYs
xlBjX3CDiWBDS+veCgujT/qmyPMrEymO/BrKH1PwR9fGcrctrDXKFar4QftdEEM/
ybCYPv5JDwhQ90IlDMxxtJwcBI3jBdVi7KaW9Zeqa36jkmsm5xyl0ne627z1x4mr
eY/88gl/qBb7MIQxfn0BY06zSoZG9dLWVHvxdWKPhoR4KqaKw8DXpboLiK+37yqQ
82Q84jqmctqnZq/3Q7nh3QuhP9LKkVpyXs92HL1uSSW8kTfO76mAPg==
=yL1D

-----END PGP SIGNATURE-----

--
--------------------------
Ed Stone
estone@synernet.com
--------------------------