[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NYT on Netscape Crack

To: [email protected]
Subject: Re: NYT on Netscape Crack
From: David_A Wagner <[email protected]>
Date: Wed, 20 Sep 1995 16:53:01 -0700 (PDT)
Sender: [email protected]

In article <[email protected]> you write:
> Is it a good idea to use different (unrelated!) seeded PRNG's for the
> challenge data (which can be seen by sniffing) and the masterkey (which
> should never leave out of client's memory?

No.

If the master key PRNG is poorly seeded, this is still exploitable:
for instance, there is a lot of redundancy in most plaintext, and
this can be used to check each candidate key value.

Just use a cryptographically secure PRNG seeded with enough entropy.

Prev by Date: NIST ESCROW PAPERS - NOW WEB AVAILABLE
Next by Date: RE: BIZDOS CITIZENSHIP?
Prev by thread: Re: NYT on Netscape Crack
Next by thread: Musings
Index(es):
- Date
- Thread