On Sep 20, 1:25am, sameer wrote:
Subject: Re: netscape's response
but someone who is trained in computer security and cryptography implementation should *know* to check these things.
Upon consideration, I am going to retract this statement-- I suppose you can't check -everything-. (I still blame Netscape for shoddy crypto in the first place, just not Jeff in particular)
It turns out that Taher Elgamal and I started working here within a week of each other, about 6 months ago. Neither of us thought to take a serious look at the RNG seed code. I don't think that anyone would accuse Taher of being an amateur in this area. I for one just didn't think about it enough to realize that while we got the RNG code from RSA, they did not provide seed code. As for my background, I am not a trained cryptographer, but I do understand protocols, did some internet security work as a sysadmin while in school, and have had a casual interest in crypto stuff for several years. If you want the gory details see my web page... --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.