[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSA and Netscape Crack

To: [email protected] (Jeff Weinstein)
Subject: Re: NSA and Netscape Crack
From: Christian Wettergren <[email protected]>
Date: Thu, 21 Sep 1995 10:35:00 -0700
Cc: [email protected]
In-Reply-To: Your message of 21 Sep 1995 05:04:58 GMT. <[email protected]>
Sender: [email protected]


| Believe it or not we don't like being trashed for
| being stupid all over the net, print media, and TV.  As far as I know
| the NSA have not given us any advice about how to make our system
| stronger.  I've heard rumors that they were quite upset when they
| learned that SSLs 40-bit RC4 was actually 40-bit secret and 88-bit salt.

It is dangerous that the general reaction is that of
'them being stupid', since that will prevent others
from stepping forward and reveal their own 'holes'.

I decree that 'all holes look stupid once located'.

But 'any non-trivially large program is bound to have
holes' => 'all programmers are stupid' (except me,
because I found the hole?)

Jeff, your and Netscape prompt response to this is
what counts - holes will always be uncovered, it's the
time before they are patched that really matters.

/Christian

References:
- Re: NSA and Netscape Crack
  - From: [email protected] (Jeff Weinstein)

Prev by Date: Re: Euro-Clipper
Next by Date: Re: netscape's response (source code review)
Prev by thread: Re: NSA and Netscape Crack
Next by thread: http://www.c2.org/hacknetscape/critique.phtml
Index(es):
- Date
- Thread