W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1999

Re: Password change via HTTP

From: John Stracke <francis@ecal.com>
Date: Tue, 15 Jun 1999 15:34:30 +0000
Message-ID: <37667286.877BD6C4@ecal.com>
To: http-wg@hplb.hpl.hp.com
Steve Parker wrote:

> Doesn't help (well, just a slight delay) - see Shamir and van
> Someren's paper "Playing hide and seek with stored keys", delivered
> to this year's Financial Cryptography conference: "We describe efficient
> algebraic attacks which can locate secret RSA keys in long bit strings,
> and more general statistical attacks which can find arbitrary cryptographic
> keys embedded in large programs.

I take it this requires access to the process's memory space?

|John Stracke    | My opinions are my own | S/MIME & HTML OK  |
|Chief Scientist | NT's lack of reliability is only surpassed |
|eCal Corp.      |  by its lack of scalability. -- John Kirch |
Received on Tuesday, 15 June 1999 16:38:20 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:31 EDT