[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
netscape's response
" With this knowledge, an experienced computer programmer could
decrypt messages sent by Netscape Navigator to other computers in a
few hours of computation time."
Excuse me? A few hours? Try 25 seconds??
"Netscape has also begun to engage an external group of world-class
security experts who will review our solution to this problem before
it is sent to customers."
A group which offered to review the first version, but
Netscape refused.
From their release it looks like they aren't finding a better
source of entropy, but just using *more* sources of entropy. Doesn't
mean that the entropy is good.
A T-shirt to the first person to decompile the new Seed code
and post the sources of "entropy" used.
(See http://www.c2.org/hacknetscape for general [not written
in stone] guidelines regarding t-shirt awards)
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") [email protected]