[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Mousepad RNG's?
[email protected] wrote:
> I don`t know what PRNG netscape used in the broken
> version, can anyone tell me what they used, and whether it was the
> PRNG or the seed that was weak
The problem was with the seed; it was especially vulnerable to attacks
from somebody running on the same machine. Sufficient entropy is now
obtained during initialization and the PRNG is reseeded reasonably often
during execution. For the Navigator, this is every time the user event
loop cycles.
> also I would be interested to know
> what they are using now in terms of the algorithm and seed...
A pointer to the fixed code was posted to cypherpunks last year.
PK
--
Philip L. Karlton [email protected]
Principal Curmudgeon http://www.netscape.com/people/karlton
Netscape Communications Corporation
Everything should be made as simple as possible, but not simpler.
-- Albert Einstein