Security Basics mailing list archives

Re: SSL protocol flaw, request for opinions

From: Angelo Perniola <perniola () infosec it>
Date: Mon, 24 Feb 2003 17:50:02 +0100

Juan Velasquez wrote:

I just read this story which explains how the Swiss Federal Institute ofTechnologyexploited a flaw in the SSL protocol to hijack an 8 character passwordfrom a bunch of SSL encrypted email logins.
I was surprised. What does the security community think of this?

http://www.newscientist.com/news/news.jsp?id=ns99993420




Also interesting, comments from SSL 3.0 designer Paul Kocher:

http://slashdot.org/articles/03/02/20/1956229.shtml?tid=93&tid=172

ap

Current thread:

SSL protocol flaw, request for opinions Juan Velasquez (Feb 22)
- Re: SSL protocol flaw, request for opinions Gayle Shipp (Feb 24)
- RE: SSL protocol flaw, request for opinions Benjamin Meade (Feb 24)
- Re: SSL protocol flaw, request for opinions Angelo Perniola (Feb 24)
- Re: SSL protocol flaw, request for opinions Naveen Maram (Feb 24)