Date: Fri, 21 May 1999 14:39:00 GMT
From: [email protected] (Chris Cowley)
Subject: Vulnerability in Windows SSL server and common browsers

Some time ago, I downloaded a trial version of an SSL web server product for
Windows NT called 'Alibaba 2.0' for evaluation as a possible SSL solution. I
eventually made a decision to use another product, but I ended up using an
RSA key pair generated by Alibaba's 'genkey' utility (which is based on the
popular SSLeay toolkit).

Whilst recently examining the keys generated by 'genkey' using tools shipped
as part of the SSLeay distribution, I discovered what I believe to be a
serious flaw:-

The 'genkey' utility erroneously generates a private key with an exponent of
'1'. This results in null security since the RSA public key associated with
a private exponent of '1' is also '1', with the effect that the session key
for each SSL session to a server running 'Alibaba' is sent in the clear.

The result of this vulnerability is that 'secure' web sites that use keys
generated by the 'genkey' utility provided with Alibaba 2.0 do not provide
any security. Such sites are susceptible to having their transactions
snooped by a third party, or falsified by man-in-the-middle attacks.

A further interesting discovery is that both Netscape Navigator and Internet
Explorer will happily let the user interact with SSL web sites which have an
RSA public key exponent of '1' without bringing the user's attention to the
fact that such transactions are, in fact, entirely insecure.

Chris Cowley, Grok Developments Ltd http://www.grok.co.uk/

[from RISKS-FORUM Digest 20.41]
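A check that a client or a key-generation pipeline could apply to catch the kind of key described in the post, given here as an added example (it is not from the original post, Alibaba, or SSLeay): it parses a PKCS#1 RSAPublicKey DER structure and flags an unusable public exponent. The function names and the toy modulus 3233 are constructed for illustration.

```python
def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        nbytes = length & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    t_n, n_raw, pos = _read_tlv(body, 0)
    t_e, e_raw, pos = _read_tlv(body, pos)
    if (t_n, t_e) != (0x02, 0x02) or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def audit_exponent(n, e):
    """Return findings for the public exponent; an empty list means it passed."""
    findings = []
    if e == 1:
        findings.append("e == 1: m^1 mod n == m, the ciphertext is the plaintext")
    elif e < 3 or e % 2 == 0:
        findings.append("e < 3 or even: no inverse modulo phi(n) exists")
    if e >= n:
        findings.append("e >= n: exponent out of range for this modulus")
    return findings

def raw_rsa(m, n, e):
    """Textbook RSA public operation, the step applied to the padded session key."""
    return pow(m, e, n)

# Constructed toy keys: n = 3233 (61 * 53); real moduli are far larger.
BROKEN_KEY = bytes.fromhex("300702020ca1020101")  # e = 1, as in the post
SANE_KEY = bytes.fromhex("300702020ca1020111")    # e = 17
if __name__ == "__main__":
    for name, der in (("broken", BROKEN_KEY), ("sane", SANE_KEY)):
        n, e = parse_rsa_public_key(der)
        print(name, "e =", e, audit_exponent(n, e) or "ok", "| 1234 ->", raw_rsa(1234, n, e))
```

With the `e = 1` key the value 1234 comes back unchanged from the public operation, which is why the session key travels in the clear; a browser or certificate-issuing step that runs a check like `audit_exponent` before accepting the key would refuse it.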