[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: real randomness for netscape - user clicking mouse




Vincent Cate writes:
> While it is true that on some versions of X you can watch mouse events on
> other peoples computers, it is also true that on some versions you can
> watch keyboard input.

On my secure systems, when a machine running X has to be on an
insecure network, I compile the X server so that it physically lacks
the ability to speak to the network -- it does all its IPC via unix
domain sockets. However, you are correct that most people don't take
precautions like I do.

> At CMU Bennet Yee wrote a program to get peoples
> passwords as they typed them in using X's poor/non-existent security back
> then.  This was before xauth. 

Xauth isn't secure, as folks have shown.

> I still think that the low bits of the mouses X and Y positions as the
> user moves the mouse around the screen are a very good source of random
> bits for Netscape.

Agreed.

Perry