[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Mousepad RNG's?
> At 8:13 PM -0700 9/27/96, James A. Donald wrote:
>
>Some time ago, at a cypherpunks conference, people were making
>all sorts of ridiculous proposals for being really, really,
>really, sure that you had real entropy, and a prominent
>cypherpunk, possibly Tim May, said, "This is ridiculous:
>Nobody ever broke good crypto through weakness in the
>source of truly random numbers". Sometime after that
>Netscape was broken through weakness in the source of
>truly random numbers.
This is correct only in the first part, it is true that good
cryptography has never been documentably broken through weaknesses in
a real random source.
The netscape attack was on the PRNG used in netscape, the proverbial
state of sin. I don`t know what PRNG netscape used in the broken
version, can anyone tell me what they used, and whether it was the
PRNG or the seed that was weak, also I would be interested to know
what they are using now in terms of the algorithm and seed...
Datacomms Technologies web authoring and data security
Paul Bradley, [email protected]
[email protected], [email protected]
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: 5BBFAEB1
"Don`t forget to mount a scratch monkey"