[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: netscape's response



On Sep 20,  1:25am, sameer wrote:
> Subject: Re: netscape's response
> > but someone who is trained in computer
> > security and cryptography implementation should *know* to check these
> > things.
> 
> 	Upon consideration, I am going to retract this statement-- I
> suppose you can't check -everything-. (I still blame Netscape for
> shoddy crypto in the first place, just not Jeff in particular)

  It turns out that Taher Elgamal and I started working here within
a week of each other, about 6 months ago.  Neither of us thought to
take a serious look at the RNG seed code.  I don't think that anyone
would accuse Taher of being an amateur in this area.

  I for one just didn't think about it enough to realize that while
we got the RNG code from RSA, they did not provide seed code.

  As for my background, I am not a trained cryptographer, but I do
understand protocols, did some internet security work as a sysadmin
while in school, and have had a casual interest in crypto stuff
for several years.  If you want the gory details see my web page...

	--Jeff


-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.