[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Mousepad RNG's?

At 8:13 PM -0700 9/27/96, James A. Donald wrote:

>Some time ago, at a cypherpunks conference, people were making
>all sorts of ridiculous proposals for being really, really,
>really, sure that you had real entropy, and a prominent
>cypherpunk, possibly Tim May, said, "This is ridiculous:
>Nobody ever broke good crypto through weakness in the
>source of truly random numbers".  Sometime after that
>Netscape was broken through weakness in the source of
>truly random numbers.

This somewhat misrepresents what I said, back at that Cypherpunks meeting
in 1993-4.

The Netscape "random number generator" that was the basis of the Goldberg
and Wagner attack was not even remotely a _physical_ random number
generator, as it relied on various Unix clock readings and not on any
physical sources of entropy (such as mouse tracks, Johnson noise,
radioactivity, etc.). It was a classic case of living in a state of sin.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."