[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NYT on Netscape Crack

To: [email protected]
Subject: Re: NYT on Netscape Crack
From: Eli Brandt <[email protected]>
Date: Tue, 19 Sep 1995 10:38:25 -0400 (EDT)
In-Reply-To: <[email protected]> from "John Young" at Sep 18, 95 11:00:27 pm
Sender: [email protected]

>    The New York Times, September 19, 1995, pp. A1, D21.
...
>    Netscape officials said today that they would strengthen
>    the system, by making it significantly harder to determine
>    the random number at the heart of their coding system. They
>    said they would no longer disclose what data would be used
>    to generate the random numbers.

and from the WSJ article:

> "The information we were using to create the key is now a known set of
> information," said Jeffrey Treuhaft, security product manager for Netscape.

It sounds as if Netscape thinks that public knowledge of the key
generation is part of the problem.  I hope somebody on the security
team convinces management that entropy is more important than publicity.

(This could be a result of journalistic cluelessness, but it came up in
two independent articles.  It's enough to worry me.)

--
   Eli Brandt
   [email protected]
(back from a nice long mailing-list vacation -- it's nice to see that
 cpunks is still at the cutting edge.  for them what cares, I'm now
 a Ph.D. student at the CMU CS program...)

Follow-Ups:
- Re: NYT on Netscape Crack
  - From: Thomas Grant Edwards <[email protected]>

References:
- NYT on Netscape Crack
  - From: John Young <[email protected]>

Prev by Date: (Yet Another?) Netscape Crack Web page
Next by Date: articles
Prev by thread: Re: NYT on Netscape Crack
Next by thread: Re: NYT on Netscape Crack
Index(es):
- Date
- Thread