[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NYT on Netscape Crack
> The New York Times, September 19, 1995, pp. A1, D21.
...
> Netscape officials said today that they would strengthen
> the system, by making it significantly harder to determine
> the random number at the heart of their coding system. They
> said they would no longer disclose what data would be used
> to generate the random numbers.
and from the WSJ article:
> "The information we were using to create the key is now a known set of
> information," said Jeffrey Treuhaft, security product manager for Netscape.
It sounds as if Netscape thinks that public knowledge of the key
generation is part of the problem. I hope somebody on the security
team convinces management that entropy is more important than publicity.
(This could be a result of journalistic cluelessness, but it came up in
two independent articles. It's enough to worry me.)
--
Eli Brandt
[email protected]
(back from a nice long mailing-list vacation -- it's nice to see that
cpunks is still at the cutting edge. for them what cares, I'm now
a Ph.D. student at the CMU CS program...)