[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Add-in encryption module to Netscape



At 10:04 PM 4/21/96 -0700, Bill Stewart wrote:
>At 09:55 PM 4/20/96 -0700, [email protected] (Bill Frantz) wrote:
>>I have thought about the sources of entropy available to a Java applet, and
>>there aren't many.  You should design your protocol so entropy is not
>>needed on the applet side.  Entropy is normally used to pick symmetric
>>encryption keys, and Initialization vectors
>
>If your applet wants to set up a Diffie-Hellman connection, it'll need
>a random number to set its half-key; a scribble window may be good enough.

Indeed, Bill Stewart (and someone else whose name I forget) are right.  I
had it in the back of my head that you don't want to harass the user.  If
you are willing, as in PGP, to ask the user to enter some entropy, then
there you can get some sources of randomness which may be good enough. 
However, do be conservative.  After being conservative, gather 10 times as
much as you thought you needed.  The models of entropy in scribbling are
none too good.


Regards - Bill



------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
[email protected] | dead teenagers | Los Gatos, CA 95032, USA