Re: netscape's response
NOTE: my first attempt to send this bounced at toad.com

On Sep 20, 5:16pm, David_A Wagner wrote:
> Subject: Re: netscape's response
> In article <9509200139.ZM206@tofuhut> you write:
> > On Sep 20, 12:29am, Christian Wettergren wrote:
> > > One wild idea that I just got was to have servers and clients exchange random numbers (not seeds of course), in a kind of chaining way. Since most viewers connect to a number of servers, and all servers are connected to by many clients, they would mix "randomness sources" with each other, making it impossible to observe the local environment only. And the random values would of course be encrypted under the session key, making it impossible to "watch the wire".
> >
> > Wow, this is a great idea!!
>
> Are you quite sure this is a good idea?
>
> I'd be very scared of it. In particular, it opens up the chance for adversaries to feed you specially chosen numbers to pollute your seeds.

What I should have said is that it's a very interesting idea. Given current perceptions of netscape, I should have made clear that I wouldn't do something like this without getting a lot more discussion and review of possible dangers and how to avoid them. I certainly can't fault anyone for wondering if we would just implement this without thinking it through, given recent events.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
On Wed, 20 Sep 1995, Jeff Weinstein wrote:
> NOTE: my first attempt to send this bounced at toad.com
>
> On Sep 20, 5:16pm, David_A Wagner wrote:
> > Subject: Re: netscape's response
> > In article <9509200139.ZM206@tofuhut> you write:
> > > On Sep 20, 12:29am, Christian Wettergren wrote:
> > > > One wild idea that I just got was to have servers and clients exchange random numbers (not seeds of course), in a kind of chaining way. Since most viewers connect to a number of servers, and all servers are connected to by many clients, they would mix "randomness sources" with each other, making it impossible to observe the local environment only. And the random values would of course be encrypted under the session key, making it impossible to "watch the wire".
> > >
> > > Wow, this is a great idea!!
> >
> > Are you quite sure this is a good idea?
> >
> > I'd be very scared of it. In particular, it opens up the chance for adversaries to feed you specially chosen numbers to pollute your seeds.

Suppose you divide your random material into several parts:

A: User input (updated from keystroke timing etc.)
B: 'Random' numbers from remote server
C: Time, pid, ppid, etc.
D: other...

Whenever you want to incorporate new data into B you could do something like:

B = B xor Hash (A,B,C,D, fresh 'random')

This would be very hard to pollute with well-chosen input.

> What I should have said is that it's a very interesting idea. Given current perceptions of netscape, I should have made clear that I wouldn't do something like this without getting a lot more discussion and review of possible dangers and how to avoid them. I certainly can't fault anyone for wondering if we would just implement this without thinking it through, given recent events.

Frank
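Frank's mixing rule, as an added example that is not code from the thread: a toy pool in Python that keeps his four parts A..D, takes the newly received remote value as the "fresh 'random'" term (an assumption; the post does not say where the peer's number enters the hash), uses SHA-256 as a modern stand-in for "Hash", and sets it beside a strawman that xors the peer's value straight into B, so the chosen-input pollution Wagner worries about can be tried against both.

```python
import hashlib

BLOCK = 32  # every pool part is 32 bytes (assumed size for this example)


def xor_bytes(x: bytes, y: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(x, y))


class EntropyPool:
    """Pool split into Frank's four parts: A user input, B remote 'random'
    numbers, C time/pid/ppid, D other. B starts out as all zero bytes."""

    def __init__(self, a: bytes, c: bytes, d: bytes):
        self.a, self.b, self.c, self.d = a, bytes(BLOCK), c, d

    def incorporate_naive(self, remote: bytes) -> bytes:
        # Strawman, not Frank's rule: the peer's value is xored straight into
        # B, so a peer who knows B sends remote = B xor target and wins.
        self.b = xor_bytes(self.b, remote)
        return self.b

    def incorporate_hashed(self, remote: bytes) -> bytes:
        # Frank's rule B = B xor Hash(A, B, C, D, fresh 'random'), taking the
        # newly received remote value as the 'fresh random' term (assumption).
        # Each part is length-prefixed so the hashed layout is unambiguous.
        h = hashlib.sha256()
        for part in (self.a, self.b, self.c, self.d, remote):
            h.update(len(part).to_bytes(2, "big") + part)
        self.b = xor_bytes(self.b, h.digest())
        return self.b


def forced_to_target(pool: EntropyPool, target: bytes, mixer) -> bool:
    """Adversary who knows the current B sends the value that would set B to
    `target` under plain xor; returns whether the mixer let that happen."""
    crafted = xor_bytes(pool.b, target)
    return mixer(crafted) == target


if __name__ == "__main__":
    a, c, d = b"\x01" * BLOCK, b"\x02" * BLOCK, b"\x03" * BLOCK
    target = b"\xaa" * BLOCK
    naive = EntropyPool(a, c, d)
    print("naive xor pool forced:", forced_to_target(naive, target, naive.incorporate_naive))
    hashed = EntropyPool(a, c, d)
    print("hashed pool forced:", forced_to_target(hashed, target, hashed.incorporate_hashed))
```

Against the hashed form the peer's number only reaches B through a digest that also covers the local parts A, C and D, so fixing B to a chosen value would require a SHA-256 preimage.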
Participants (2): Frank A Stevenson, Jeff Weinstein