|
Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,000 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost. |
5 June 1998: Link to VeriSign response
27 May 1998
Date: Wed, 27 May 1998 12:27:10 -0400 To: jy@jya.com From: Ed Stone <estone@synernet.com> Subject: VeriSign - MSIE Key Generation Security Issue -----BEGIN PGP SIGNED MESSAGE----- When obtaining a VeriSign Class 1 Digital ID for domestic (128-bit) version of MSIE, the instructions provided by VeriSign, if followed, result in the subscriber obtaining a weak, international strength asymmetric key (RSA 512-bits), rather than the higher security asymmetric key (RSA 1024 bits). These keys are used in the MSIE S/MIME applications, such as Outlook Express and Outlook98, etc. If one obtains the weaker key, then even if the high security version of MSIE uses a strong symmetric session encryption algorithm, such as 168-bit 3DES, the session key to the 168-bit 3DES will be protected only by the weak RSA 512-bit asymmetric key. That makes all email sent using the RSA 512 VeriSign/MSIE Class 1 Digital ID vulnerable as described in RSADSI's security estimate of RSA 512. The security estimate for RSA 512-bit keys states that by "1997 or 1998", RSA 512-bit keys are "not recommended" for even low to moderate security applications. See http://www.rsa.com/rsalabs/pubs/techreports/security_estimates.pdf for RSADSI's estimate of the security of RSA 512. The faulty guidance on the VeriSign site is at https://digitalid.verisign.com/client/class1MS.htm where the form for obtaining the VeriSign Class 1 Digital ID for MSIE states: "(Optional): Select The Cryptographic Service Leave this as it is unless you are using a specialized mechanism, such as a smart card, to manage your private key. In this case, select the appropriate provider from the list box." Since the subscriber does not plan to use a "smart card", he follows the guidance provided by VeriSign and "leaves this as it is.." That will result in the subscriber obtaining an RSA 512-bit key, rather than an RSA 1024-bit key. The drop down box shows the Cryptographic Service Provider Name, specifically "Microsoft Base Cryptographic Provider v1.0". That is the weak, international version of MSIE's crypto service provider. For MSIE browsers that have 128-bit domestic security, a second crypto service provider, "Microsoft Enhanced Cryptographic Provider v1.0" is selectable. To get the high-security RSA 1024-bit key, ingore VeriSign's instructions, and select "Microsoft Enhanced Cryptographic Provider v1.0". You will then receive the RSA 1024-bit key. Surely, VeriSign will want to advise its subscribers of this security issue immmediately, and the vulnerability to which VeriSign's error has exposed certain VeriSign subscribers. Further, VeriSign should provide replacement, high-security Digital ID's at no cost to their subscribers. I have not checked to see if this issue affects Class 2 and other VeriSign Digital IDs. -----BEGIN PGP SIGNATURE----- Version: PGP for Business Security 5.5.2 iQEVAwUBNWw+m4VSIIjbt1r5AQG/aQf/eyPpMctYGdxUPI3YZDl4kKacDeibBk6c YpLPRxYpGVvP2neEEHeSF5Thl33yrh0TRAqIw4n1WZoMWNoMumQZkUcsJGDAxiYs xlBjX3CDiWBDS+veCgujT/qmyPMrEymO/BrKH1PwR9fGcrctrDXKFar4QftdEEM/ ybCYPv5JDwhQ90IlDMxxtJwcBI3jBdVi7KaW9Zeqa36jkmsm5xyl0ne627z1x4mr eY/88gl/qBb7MIQxfn0BY06zSoZG9dLWVHvxdWKPhoR4KqaKw8DXpboLiK+37yqQ 82Q84jqmctqnZq/3Q7nh3QuhP9LKkVpyXs92HL1uSSW8kTfO76mAPg== =yL1D -----END PGP SIGNATURE----- -- -------------------------- Ed Stone estone@synernet.com --------------------------