[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NYT on Netscape Crack



> 
> Not, of course, that they disclosed it before -- it was found by
> reverse engineering the distributed executable. Not, of course, that
> they have a choice in the matter of whether to disclose it -- they
> will be "disclosing" how its done as soon as they release the
> code. Not, of course, that security through obscurity does any good --
> it just magnifies the pain.

	Once netscape is patched with a stronger PRNG if someone can
crack -that- one too, then they will get a T-shirt as well. Perhaps I
should offer the t-shirt for just revealing the algorithim used w/o
actually cracking it, just to deal with that statement from "Netscape
officials".
	I emphasized in my conversation with the SFChronicle today
that 'security by obscurity' doesn't work. Hopefully that will be
reflected in the article.

-- 
sameer						Voice:   510-601-9777
Network Administrator				FAX:	 510-601-9734
Community ConneXion: The NEXUS-Berkeley		Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			[email protected]