[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: real randomness for netscape - user clicking mouse

To: Vincent Cate <[email protected]>
Subject: Re: real randomness for netscape - user clicking mouse
From: "Perry E. Metzger" <[email protected]>
Date: Tue, 26 Sep 1995 20:05:10 -0400
Cc: [email protected], [email protected]
In-Reply-To: Your message of "Tue, 26 Sep 1995 15:24:44." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]

Vincent Cate writes:
> While it is true that on some versions of X you can watch mouse events on
> other peoples computers, it is also true that on some versions you can
> watch keyboard input.

On my secure systems, when a machine running X has to be on an
insecure network, I compile the X server so that it physically lacks
the ability to speak to the network -- it does all its IPC via unix
domain sockets. However, you are correct that most people don't take
precautions like I do.

> At CMU Bennet Yee wrote a program to get peoples
> passwords as they typed them in using X's poor/non-existent security back
> then.  This was before xauth. 

Xauth isn't secure, as folks have shown.

> I still think that the low bits of the mouses X and Y positions as the
> user moves the mouse around the screen are a very good source of random
> bits for Netscape.

Agreed.

Perry

References:
- Re: real randomness for netscape - user clicking mouse
  - From: Vincent Cate <[email protected]>

Prev by Date: Re: real randomness for netscape - user clicking mouse
Next by Date: Re: Netscape for OS/2, when? (Re: Another Netscape Bug)
Prev by thread: Re: real randomness for netscape - user clicking mouse
Next by thread: Re: real randomness for netscape - user clicking mouse
Index(es):
- Date
- Thread