17 Dec
2003
17 Dec
'03
11:17 p.m.
Timothy C. May writes:
Worse, idle speculation about possible security flaws seems wasteful.
Not always. A couple of months ago someone was asking what the fuss was about in making sure random number generators were secure. In describing potential problems with poor RNG seeds I "idly" speculated that if Netscape has a lousy RNG that it might be *lots* easier to attack that than the (then current) brute force attack was. A week or to later, Ian posted a reverse engineered copy of the Netscape RNG stuff, and a week or so after that announced his big hole. Occasionally, idle speculation sparks good ideas.