[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security Update news release
>>Do the new versions use PGP's randseed.bin? If Netscape even only looks at
>>data used to keep PGP secure, Netscape will be banned from my computer
>>and every computer I am responsible for. -- For good.
>
>This is the second person who has expressed this sentiment. I don't
>understand it. If you believe that the possibility of randseed.bin
>getting out is dangerous, then why do you leave it online? Do you
>really trust every piece of software you run, every piece of software
>that can possibly access your machine over the net, to not look at
>that file?
It makes a little bit of sense - I'm not aware of any software,
other than PGP and now Netscape, that _explicitly_ goes after randseed.bin,
though of course just about anything can try.
Assuming the code is inspectable (which it currently is), if I can
see that all it's going to do with the file is crunch it into MD5
along with a bunch of other stuff, I'm not too worried, even though
it is stealing slack(entropy) from PGP.
#---
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---