[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: netscape's response
On Sep 20, 1:25am, sameer wrote:
> Subject: Re: netscape's response
> > but someone who is trained in computer
> > security and cryptography implementation should *know* to check these
> > things.
>
> Upon consideration, I am going to retract this statement-- I
> suppose you can't check -everything-. (I still blame Netscape for
> shoddy crypto in the first place, just not Jeff in particular)
It turns out that Taher Elgamal and I started working here within
a week of each other, about 6 months ago. Neither of us thought to
take a serious look at the RNG seed code. I don't think that anyone
would accuse Taher of being an amateur in this area.
I for one just didn't think about it enough to realize that while
we got the RNG code from RSA, they did not provide seed code.
As for my background, I am not a trained cryptographer, but I do
understand protocols, did some internet security work as a sysadmin
while in school, and have had a casual interest in crypto stuff
for several years. If you want the gory details see my web page...
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.