[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NYT on Netscape Crack



>    The New York Times, September 19, 1995, pp. A1, D21.
...
>    Netscape officials said today that they would strengthen
>    the system, by making it significantly harder to determine
>    the random number at the heart of their coding system. They
>    said they would no longer disclose what data would be used
>    to generate the random numbers.

and from the WSJ article:

> "The information we were using to create the key is now a known set of
> information," said Jeffrey Treuhaft, security product manager for Netscape.

It sounds as if Netscape thinks that public knowledge of the key
generation is part of the problem.  I hope somebody on the security
team convinces management that entropy is more important than publicity.

(This could be a result of journalistic cluelessness, but it came up in
two independent articles.  It's enough to worry me.)

--
   Eli Brandt
   [email protected]
(back from a nice long mailing-list vacation -- it's nice to see that
 cpunks is still at the cutting edge.  for them what cares, I'm now
 a Ph.D. student at the CMU CS program...)