[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Update news release



| > >  Here is the press release we put out this morning regarding the fix
| > >for RNG seed and stack overflow problems.
| > 
| > Do the new versions use PGP's randseed.bin? If Netscape even only looks at
| > data used to keep PGP secure,  Netscape will be banned from my computer
| > and every computer I am responsible for. -- For good.
| 
| That doesn't quite make sense.  Netscape reading randseed.bin can have no
| effect on the security of PGP.

	I think you meant to say:

	"If md5 is a solid hash fucntion, and if Netscape doesn't dump
core somewhere publically readable, and if Netscape doesn't
accidentally have a stack overflow that causes your randseed,bin to
become confused with last-url-visited, then it is very unlikely that
Netscape reading your randseed.bin will have an effect on the security
of your PGP keys or messages."

	The history of people doing the impossible is too long to not
spell out your security assumptions.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume