-----BEGIN PGP SIGNED MESSAGE-----

Jeff--

First of all, let me commend you for your honesty and forthrightness in owning up to the problem. I applaud it both as a cypherpunk and as one of the guys at Intergraph who pushed really hard to get an OEM agreement with NCC.
> If the Navigator is running on a Mac or PC, then the two seeds are the current time and the "tick count", which is milliseconds since starting windows for the PC version, and some time unit since booting on the Mac.
The Mac tick unit is 1/60th of a second, and TickCount() returns the number of ticks since the system was booted. I think you could safely narrow the range down to between 0 and (3600 * 24 * 60 =) 5,184,000, or about 24 bits. That's better than on the Unix boxes, but not insurmountable.
> This was a bad mistake on our part, and we are working hard to fix it. We have been trying to identify sources of random bits on PCs, Macs, and all of the many unix platforms we support. We are looking at stuff that is system dependent, user dependent, hardware dependent, random external sources such as the network and the user. If anyone has specific suggestions I would love to hear them so that we can do a better job.
I wouldn't consider the network to be suitably random. How many of your users are using Netscape over high-latency, low-speed 14.4 PPP/SLIP links? A lot, I'd bet. Not much good-quality randomness there.
> > "Netscape has also begun to engage an external group of world-class security experts who will review our solution to this problem before it is sent to customers."
> >
> > A group which offered to review the first version, but Netscape refused.
> Do you mean that cypherpunks offered to review the netscape code if only we made all the source available on the net? I think that it is unrealistic to expect us to release all of our source code to the net.
Unrealistic to expect, yes. Unreasonable to ask? Maybe not.
> I realize that some cypherpunks think that we should make all of our code publicly available. In an ideal world that would be great, but we live in a world with politicians, crooks, lawyers, stockholders, etc... Don't expect to see us posting our entire security library source code to cypherpunks.
That's probably not the most likely thing-- but why not allow people with some security & crypto background _from this list_ to see the code, under NDA, for review? Jim Gillogly, Hal Finney, and several others have shown a past talent for that sort of thing. Frankly, a signed message from, say, Hal saying "I've looked over the code and it looks pretty good" would carry a lot of water with me. In turn, I could communicate my warm fuzzy feeling to the dozen or so people that asked me about the security flaw yesterday, including our network ops guy.

Cheers,
- -Paul

- --
Paul Robichaux, KD4JZG        | "Things are much simpler and less stressful
perobich@ingr.com             |  when you don't look to the law to fix things."
Not speaking for Intergraph   |    - Tim May (tcmay@got.net) on cypherpunks
Be a cryptography user. Ask me how.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMGANAafb4pLe9tolAQH+uQP7B7XvqVGnN4rDnSNth2PyVio5W5CpuA2U
DgWwjV1DqPJCzA4BmM3/rRlYYG8Z2d50i5zb0XD6XbMi6bpkc9fGBZ6156p7sKa1
DDk8hWAr+BvIcuYTC2irRTee7462YBjsBvwOiFVV+0/Wdbg2gjGfPgcmsxmzqi4R
Tby1/d2Pr6c=
=xm2W
-----END PGP SIGNATURE-----
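An added worked example, not part of this message or of Netscape's code, that puts numbers on the seeding scheme discussed above. It models each seed source (Mac TickCount() at 60 Hz, the Windows millisecond tick count, and the current time) as a count of distinct values and reports the width of the resulting seed space in bits against a 128-bit bar, then shows the remedy of drawing the seed from the operating system's CSPRNG. The uptime ceiling of 24 hours and the one-second window on the wall-clock time are this example's assumptions; the `mac_sources`, `pc_sources`, `seed_space_bits`, `assess` and `os_seed` names are hypothetical.

```python
import math
import secrets

# Seed sources as the thread describes them, modelled as (name, number of
# distinct values the source can take). The ranges are this example's
# assumptions: the machine was booted within the last `uptime_hours`, and an
# observer knows the wall-clock time to within `time_window` seconds.
def mac_sources(uptime_hours=24, time_window=1):
    # classic Mac TickCount(): 60 ticks per second since boot
    return [("TickCount() since boot, 60 Hz", uptime_hours * 3600 * 60),
            ("current time, to the second", time_window)]

def pc_sources(uptime_hours=24, time_window=1):
    # Windows tick count: milliseconds since Windows was started
    return [("ms since Windows started", uptime_hours * 3600 * 1000),
            ("current time, to the second", time_window)]

def seed_space_bits(sources):
    """log2 of the number of distinct seeds the sources can jointly produce,
    treating them as independent: the work factor to exhaust the seed space."""
    total = 1
    for _name, count in sources:
        total *= max(1, count)
    return math.log2(total)

def assess(sources, minimum_bits=128):
    """Return (bits, ok). ok is True only if the seed space is at least
    minimum_bits wide, the usual bar for material that keys a session."""
    bits = seed_space_bits(sources)
    return bits, bits >= minimum_bits

def os_seed(nbytes=32):
    """The remedy: take the seed from the OS CSPRNG instead of clock values.
    secrets.token_bytes draws from the kernel's entropy pool."""
    return secrets.token_bytes(nbytes)

if __name__ == "__main__":
    for label, src in (("Mac", mac_sources()), ("PC", pc_sources())):
        bits, ok = assess(src)
        print(f"{label}: {bits:.1f} bits of seed space -> {'OK' if ok else 'TOO SMALL'}")
    bits, ok = assess([("OS CSPRNG, 32 bytes", 2 ** 256)])
    print(f"OS CSPRNG: {bits:.0f} bits -> {'OK' if ok else 'TOO SMALL'}")
    print("sample OS seed:", os_seed().hex())
```

With the assumed ranges the Mac tick-plus-time seed space comes out at about 22.3 bits and the PC one at about 26.4 bits; widening the uptime or time-window assumptions moves these by only a few bits, which is the point: clock-derived seeds cannot reach the width a session key needs, whatever the platform.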