[The following is the first block comment in unssl.c]

/* unssl.c - Last update: 950917

  Break netscape's shoddy implementation of SSL on some platforms
  (tested for netscape running RC4-40 on Solaris and HP-UX; other
   Unices are probably similar; other crypt methods are unknown, but
   it is likely that RC4-128 will have the same problems).

  The idea is this: netscape seeds the random number generator it uses
  to produce challenge-data and master keys with a combination of the
  time in seconds and microseconds, the pid and the ppid.  Of these,
  only the microseconds is hard to determine by someone who
  (a) can watch your packets on the network and
  (b) has access to any account on the system running netscape.

  Even if (b) is not satisfied, the time can often be obtained from
  the time or daytime network daemons; an approximation to the pid can
  sometimes be obtained from a mail daemon (the pid is part of most
  Message-ID's); the ppid will usually be not much smaller than the pid,
  and has an higher than average chance of being 1.  Clever guessing
  of these values will in all likelihood cut the expected search space
  down to less than brute-forcing a 40-bit key, and certainly is less
  than brute-forcing a 128-bit key.

  Subsequent https: connections after the first (even to different hosts)
  seem to _not_ reseed the RNG.  This makes things much easier, once
  you've broken the first message.  Just keep generating 16 bytes of
  random numbers until you get the challenge-data for the next message.
  The next key will then be the 16 random bytes after that.

  main() and bits of MD5Transform1 by Ian Goldberg <[email protected]>
  and David Wagner <[email protected]>.  The rest is taken from the
  standard MD5 code; see below.

  This code seems to want to run on a big-endian machine.  There may be
  other problems as well.  This code is provided as-is; if it causes you
  to lose your data, sleep, civil liberties, or SO, that's your problem.

#include <std/disclaimer.h>

  On the command line, give the time in seconds, the pid, the ppid and
  the SSL challenge data (each byte in hex, separated by some non-hex
  character like a colon) of the _first_ SSL message generated by
  the instance of netscape.  This program will search through the
  microsecond values.  You may need to run it again with a slightly
  different value for the seconds, depending on how accurately you know
  the time on the system running netscape.  The output will be the
  master key (all 16 bytes; note you never even told the program the
  11 bytes you knew) and the value for the microseconds that produced it.

  As a benchmark, this code runs in just under 25 seconds real time
  (for an unsuccessful search through 1<<20 values for the microseconds)
  on an unloaded HP 712/80.
*/

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.