[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security Update news release
> Do the new versions use PGP's randseed.bin? If Netscape even only looks at
> data used to keep PGP secure, Netscape will be banned from my computer
> and every computer I am responsible for. -- For good.
Rather than get into a big fight about how safe it is for netscape
to be reading PGPs randseed.bin file, I've changed our code to not
do it. Instead of reading ~/.pgp/randseed.bin, we now get the name
of a file from the environment variable NSRANDFILE, and pass that
file's contents throught the RNG seed hash. If you decide that its
safe, you can set the env variable to point to your randseed.bin file,
or any other file of random bits you care to use.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.