[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reducing the Flames, Attacks, and Nit-Pickings

To: [email protected] (Timothy C. May)
Subject: Re: Reducing the Flames, Attacks, and Nit-Pickings
From: Scott Brickner <[email protected]>
Date: Mon, 23 Oct 1995 20:33:35 -0500
Cc: [email protected]
In-Reply-To: (Your message of Sun, 22 Oct 1995 22:01:07 PDT.) <acb06aea5b021004cdd9@[205.199.118.202]>
Sender: [email protected]

Timothy C. May writes:
>Worse, idle speculation about possible security flaws seems wasteful.

Not always.  A couple of months ago someone was asking what the fuss
was about in making sure random number generators were secure.  In
describing potential problems with poor RNG seeds I "idly" speculated
that if Netscape has a lousy RNG that it might be *lots* easier to
attack that than the (then current) brute force attack was.

A week or to later, Ian posted a reverse engineered copy of the
Netscape RNG stuff, and a week or so after that announced his big
hole.

Occasionally, idle speculation sparks good ideas.

References:
- Re: Reducing the Flames, Attacks, and Nit-Pickings
  - From: [email protected] (Timothy C. May)

Prev by Date: Re: Info: Elementrix POTP
Next by Date: Re: [reformatted] how secure can privasoft be?
Prev by thread: Re: Reducing the Flames, Attacks, and Nit-Pickings
Next by thread: S.F. judge to rule on encoding software
Index(es):
- Date
- Thread