17 Dec 2003, 5:17 p.m.
Kevin L Prigge wrote:
A little birdie told me that Ian Goldberg said:
What we discovered is that, at least on the systems we checked (Solaris and HP-UX), the seed value for the RNG was fairly trivial to guess by someone with an account on the machine running netscape (so much so that in this situation, it usually takes less than 1 minute to find the key), and not too hard for people without accounts, either.

/ Makes one wonder what the seed is on a Windows implementation...
/ If it's only the time, you can probably approximate what the
/ clock is set to within a couple of minutes (if the timezone of the
/ client is known).

Hah! Like a CMOS clock can *ever* keep a consistent time for more than two minutes...
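
An added illustration, not part of the messages above and not Netscape's code: a toy key generator whose only input is the clock (the "if it's only the time" case), used to measure how little entropy a couple of minutes of clock uncertainty leaves in a nominally 128-bit key. The names `toy_keygen`, `seed_space_bits`, `recover_seed` and `audit` are hypothetical, and the timestamp and the 97-second offset are constructed sample values.

```python
import hashlib
import math

def toy_keygen(seed: int) -> bytes:
    """Toy 128-bit key derived only from a clock reading (assumed design)."""
    return hashlib.sha256(seed.to_bytes(8, "big")).digest()[:16]

def seed_space_bits(uncertainty_s: int, ticks_per_s: int = 1) -> float:
    """Bits of entropy in a clock seed known to within +/- uncertainty_s."""
    candidates = 2 * uncertainty_s * ticks_per_s + 1
    return math.log2(candidates)

def recover_seed(key: bytes, clock_guess: int, uncertainty_s: int):
    """Try every second in the window; return (seed or None, attempts)."""
    attempts = 0
    for cand in range(clock_guess - uncertainty_s, clock_guess + uncertainty_s + 1):
        attempts += 1
        if toy_keygen(cand) == key:
            return cand, attempts
    return None, attempts

# Constructed sample: the clock value at key generation, and an
# outside estimate of that clock which is off by 97 seconds.
TRUE_SEED = 1_071_681_420
CLOCK_GUESS = TRUE_SEED + 97

def audit(uncertainty_s: int = 120) -> dict:
    """Compare the key's nominal size with the entropy of its seed."""
    key = toy_keygen(TRUE_SEED)
    seed, attempts = recover_seed(key, CLOCK_GUESS, uncertainty_s)
    return {
        "nominal_key_bits": len(key) * 8,
        "seed_bits_1s_clock": seed_space_bits(uncertainty_s),
        "seed_bits_1us_clock": seed_space_bits(uncertainty_s, 1_000_000),
        "recovered": seed,
        "attempts": attempts,
    }

if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name}: {value}")
```

The key is only as strong as its seed: with a one-second clock the window holds 241 candidates, and even a microsecond clock leaves under 28 bits. Seeding from the operating system's CSPRNG (for example `os.urandom` or the `secrets` module in Python) removes the dependence on a guessable clock.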