[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Mousepad RNG's?

> At 8:13 PM -0700 9/27/96, James A. Donald wrote:
>Some time ago, at a cypherpunks conference, people were making
>all sorts of ridiculous proposals for being really, really,
>really, sure that you had real entropy, and a prominent
>cypherpunk, possibly Tim May, said, "This is ridiculous:
>Nobody ever broke good crypto through weakness in the
>source of truly random numbers".  Sometime after that
>Netscape was broken through weakness in the source of
>truly random numbers.

This is correct only in the first part, it is true that good 
cryptography has never been documentably broken through weaknesses in 
a real random source.

The netscape attack was on the PRNG used in netscape, the proverbial 
state of sin. I don`t know what PRNG netscape used in the broken 
version, can anyone tell me what they used, and whether it was the 
PRNG or the seed that was weak, also I would be interested to know 
what they are using now in terms of the algorithm and seed...


  Datacomms Technologies web authoring and data security
       Paul Bradley, [email protected]
  [email protected], [email protected]    
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"