
Re: Mousepad RNG's?



[email protected] wrote:
 
> I don't know what PRNG Netscape used in the broken
> version, can anyone tell me what they used, and whether it was the
> PRNG or the seed that was weak?

The problem was with the seed; it was especially vulnerable to attacks
from somebody running on the same machine. Sufficient entropy is now
obtained during initialization and the PRNG is reseeded reasonably often
during execution. For the Navigator, this is every time the user event
loop cycles.

> also I would be interested to know
> what they are using now in terms of the algorithm and seed...

A pointer to the fixed code was posted to cypherpunks last year.

PK
--
Philip L. Karlton			[email protected]
Principal Curmudgeon			http://www.netscape.com/people/karlton
Netscape Communications Corporation

    Everything should be made as simple as possible, but not simpler.
	-- Albert Einstein