Demailly, L. (1996). Netscape Security (problems). http://www.demailly.com/ dl/netscapesec/.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....results in overlooking some details which might introduce security holes. Furthermore, in the supposition that the security requirements are clearly understood and known in advance, it is necessary to implement them in the correct way. Several examples exist (e.g. the Netscape random generator bug [Demailly, 1996]) where a small weakness or bug in security related code could bring down the security of the whole application. A second important reason why applications are dicult to secure is the structural di erence between an application and the required security solution. Con dentiality for instance ....

Demailly, L. (1996). Netscape Security (problems). http://www.demailly.com/ dl/netscapesec/.

....was very similar in nature to the weakness in Kerberos Version 4. Netscape used known, deterministic components to seed the random number generator. The Netscape SSL random number guessing attack as described by Goldberg and Wagner [10] More information is available on the World Wide Web [5]. 10.2. X11MIT MAGIC COOKIE 1RandomNumber Attack The MIT MAGIC COOKIE 1 random number generation vulnerability was originally discovered by Chris Hall [11] and was discussed in the Best of Security mailing list [25] This is another instance of a poorly implemented random number generation routine ....

L. Demailly. Netscape security (problems). http:// hplyot.obspm.fr/dl/netscapesec/, 1995.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC