Re: Reducing the Flames, Attacks, and Nit-Pickings



Timothy C. May writes:
>Worse, idle speculation about possible security flaws seems wasteful.

Not always.  A couple of months ago someone was asking what the fuss
was about in making sure random number generators were secure.  In
describing potential problems with poor RNG seeds I "idly" speculated
that if Netscape has a lousy RNG it might be *lots* easier to
attack that than the (then current) brute force attack was.

A week or two later, Ian posted a reverse engineered copy of the
Netscape RNG stuff, and a week or so after that announced his big
hole.

Occasionally, idle speculation sparks good ideas.