The New York Times, September 19, 1995, pp. A1, D21. ... Netscape officials said today that they would strengthen the system, by making it significantly harder to determine the random number at the heart of their coding system. They said they would no longer disclose what data would be used to generate the random numbers.
and from the WSJ article:
"The information we were using to create the key is now a known set of information," said Jeffrey Treuhaft, security product manager for Netscape.
It sounds as if Netscape thinks that public knowledge of the key generation is part of the problem. I hope somebody on the security team convinces management that entropy is more important than publicity. (This could be a result of journalistic cluelessness, but it came up in two independent articles. It's enough to worry me.) -- Eli Brandt eli+@cs.cmu.edu (back from a nice long mailing-list vacation -- it's nice to see that cpunks is still at the cutting edge. for them what cares, I'm now a Ph.D. student at the CMU CS program...)