Re: Password change via HTTP

John Stracke (francis@ecal.com)
Tue, 15 Jun 1999 15:34:30 +0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Steve Parker: "RE: Password change via HTTP"
Previous message: Steve Parker: "RE: Password change via HTTP"
Maybe in reply to: Alex Kodat: "Password change via HTTP"

Steve Parker wrote:

> Doesn't help (well, just a slight delay) - see Shamir and van
> Someren's paper "Playing hide and seek with stored keys", delivered
> to this year's Financial Cryptography conference: "We describe efficient
> algebraic attacks which can locate secret RSA keys in long bit strings,
> and more general statistical attacks which can find arbitrary cryptographic
> keys embedded in large programs.

I take it this requires access to the process's memory space?

--
/=============================================================\
|John Stracke    | My opinions are my own | S/MIME & HTML OK  |
|francis@ecal.com|============================================|
|Chief Scientist | NT's lack of reliability is only surpassed |
|eCal Corp.      |  by its lack of scalability. -- John Kirch |
\=============================================================/

Next message: Steve Parker: "RE: Password change via HTTP"
Previous message: Steve Parker: "RE: Password change via HTTP"
Maybe in reply to: Alex Kodat: "Password change via HTTP"