Re: Security Update news release
Do the new versions use PGP's randseed.bin? If Netscape even only looks at data used to keep PGP secure, Netscape will be banned from my computer and every computer I am responsible for. -- For good.
This is the second person who has expressed this sentiment. I don't understand it. If you believe that the possibility of randseed.bin getting out is dangerous, then why do you leave it online? Do you really trust every piece of software you run, every piece of software that can possibly access your machine over the net, to not look at that file?
It makes a little bit of sense - I'm not aware of any software, other than PGP and now Netscape, that _explicitly_ goes after randseed.bin, though of course just about anything can try. Assuming the code is inspectable (which it currently is), if I can see that all it's going to do with the file is crunch it into MD5 along with a bunch of other stuff, I'm not too worried, even though it is stealing slack(entropy) from PGP. #--- # Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #---
In article <199509261941.MAA02266@ix6.ix.netcom.com>, stewarts@ix.netcom.com (Bill Stewart) writes:
Do the new versions use PGP's randseed.bin? If Netscape even only looks at data used to keep PGP secure, Netscape will be banned from my computer and every computer I am responsible for. -- For good.
This is the second person who has expressed this sentiment. I don't understand it. If you believe that the possibility of randseed.bin getting out is dangerous, then why do you leave it online? Do you really trust every piece of software you run, every piece of software that can possibly access your machine over the net, to not look at that file?
It makes a little bit of sense - I'm not aware of any software, other than PGP and now Netscape, that _explicitly_ goes after randseed.bin, though of course just about anything can try.
Netscape will not read randseed.bin. I've changed it to use an environment variable that names a user specified file to read. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
participants (2)
-
Bill Stewart -
jsw@neon.netscape.com