Re: netscape's response
On Wed, 20 Sep 1995, Jeff Weinstein wrote:
> NOTE: my first attempt to send this bounced at toad.com
>
> On Sep 20, 5:16pm, David_A Wagner wrote:
> > Subject: Re: netscape's response
> > In article <9509200139.ZM206@tofuhut> you write:
> > > On Sep 20, 12:29am, Christian Wettergren wrote:
> > > > One wild idea that I just got was to have servers and clients exchange
> > > > random numbers (not seeds of course), in a kind of chaining way. Since
> > > > most viewers connect to a number of servers, and all servers are
> > > > connected to by many clients, they would mix "randomness sources" with
> > > > each other, making it impossible to observe the local environment
> > > > only. And the random values would of course be encrypted under the
> > > > session key, making it impossible to "watch the wire".
> > >
> > > Wow, this is a great idea!!
> >
> > Are you quite sure this is a good idea?
> >
> > I'd be very scared of it. In particular, it opens up the chance for
> > adversaries to feed you specially chosen numbers to pollute your seeds.
Suppose you divide your random material into several parts:
A: User input (updated from keystroke timing etc.)
B: 'Random' numbers from remote server
C: Time, pid, ppid, etc.
D: other...
Whenever you want to incorporate new data into B you could do something like:
B = B xor Hash (A,B,C,D, fresh 'random')
This would be very hard to pollute with well chosen input.
>
> What I should have said is that its a very interesting idea. Given
> current perceptions of netscape, I should have made clear that I
> wouldn't do something like this without getting a lot more discussion
> and review of possible dangers and how to avoid them. I certainly
> can't fault anyone for wondering if we would just implement this
> without thinking it through, given recent events.
>
Frank
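As an added example (not code from the thread), the split-pool update Frank sketches above in Python: a remote value only reaches B through a hash over all four pools, so a server that picks the value but does not see A, C or D cannot steer what B becomes. Pool sizes, class and function names, and the sample contents are assumptions.

```python
import hashlib

POOL_BYTES = 32  # SHA-256 output size, so the xor covers all of B


class SplitPool:
    """Four pools as in the sketch above (names are assumptions):
    A user-input timings, B remote 'random' values, C time/pid data, D other."""

    def __init__(self, a, b, c, d):
        for part in (a, b, c, d):
            assert len(part) == POOL_BYTES
        self.A, self.B, self.C, self.D = a, b, c, d

    def _mix_hash(self, fresh):
        # Hash(A, B, C, D, fresh); each part is length-prefixed so that
        # differently split inputs cannot collide on the same byte string.
        h = hashlib.sha256()
        for part in (self.A, self.B, self.C, self.D, fresh):
            h.update(len(part).to_bytes(4, "big"))
            h.update(part)
        return h.digest()

    def mix_remote(self, fresh):
        """B = B xor Hash(A, B, C, D, fresh). Returns the new B."""
        digest = self._mix_hash(fresh)
        self.B = bytes(x ^ y for x, y in zip(self.B, digest))
        return self.B


def demo_pollution_resistance():
    """Two clients with identical B, C, D but different user-input pools A,
    both fed the same adversary-chosen remote value. Returns both new B's:
    they differ, because A (unknown to the server) went into the hash."""
    shared = dict(b=bytes(POOL_BYTES), c=b"\x01" * POOL_BYTES, d=b"\x02" * POOL_BYTES)
    client1 = SplitPool(a=b"\x10" * POOL_BYTES, **shared)
    client2 = SplitPool(a=b"\x20" * POOL_BYTES, **shared)
    chosen = bytes(POOL_BYTES)  # constructed: the server sends all zeros
    return client1.mix_remote(chosen), client2.mix_remote(chosen)
```

Because the old B is hashed in as well, repeating the same remote value still moves B each time; the server's choice never becomes the whole of the pool.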