[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSA rigs Crypto machines according to Balto Sun

To: [email protected]
Subject: Re: NSA rigs Crypto machines according to Balto Sun
From: [email protected] (Peter Wayner)
Date: Mon, 11 Dec 1995 12:51:52 -0500
Sender: [email protected]

At 11:14 AM 12/11/95, [email protected] wrote:

>>So, is this what happened at Crypto AG? Is this what happened at
>>Netscape? We may never no for certain, but there is a final
>>warning for the folks at Netscape that is buried the Sun's
>>article about Crypto AG:
>
>No it is nothing like what happened at Netscape which was a common or
>garden cock up. It was simply the result of miscommunication between
>two groups of people being the original and new security team. Taher
>et al thought that the random number seed was OK because they discovered
>a design document describing it. Unfortunately the code had not been
>written to implement that design.
>
>        Phill

Thanks for the deeper insight. Sure it was probably a mistake. But someone
made the decision to write code that didn't conform to that design document.
That person was probably saying, "Random number generator. Cool. I can use
the standard C library." or whatever. But that person could have been saying,
"Hey, if I slip this in then I'll be able to snag the session
keys with impunity."
We'll never know for sure.

-Peter

Prev by Date: Re: Questions for Mark Twain Banks
Next by Date: Re: Timing Cryptanalysis Attack
Prev by thread: Re: NSA rigs Crypto machines according to Balto Sun
Next by thread: NIST GAK meeting writeup, LONG part 3 of 3
Index(es):
- Date
- Thread