I just glanced at the new Netscape RNG source. I don't really see anything bad, but I haven't analyzed it. However, I'm curious as to why variables like the username or the language locality are used as sources of entropy. These seem to provide almost nil. The username is going to be pretty much constant. In fact, even the current directory which is used as a seed can't provide more than a few bits of entropy. In all probability, the user name will usually be the same, and so will the current directory (and how many directories are there? 65,000 would only give you 16 bits of entropy, assuming you get a directory listing from the machine).

I'm thinking from the standpoint of someone gathering data on someone or some server to mount a specific attack. A "most common directories on the macintosh" file for instance could be used to attack the current directory method.

Using those sources probably can't hurt, they just seemed like odd choices, "grasping for straws" so to speak.

Nevertheless, I would like to commend Netscape for releasing the source code for public review. You guys are clearly an intelligent company, in both your current developments, but also the way you have handled this bad press.

-Ray

P.S. I hope you guys do a good internal review of your code to remove buffer overflow bugs.
In article <199509250649.CAA27099@clark.net>, rjc@clark.net (Ray Cromwell) writes:
> I'm thinking from the standpoint of someone gathering data on someone or some server to mount a specific attack. A "most common directories on the macintosh" file for instance could be used to attack the current directory method.
>
> Using those sources probably can't hurt, they just seemed like odd choices, "grasping for straws" so to speak.
I'd rather think of it as a "kitchen sink" approach :-). We are looking for bits wherever we can find them. We are not experts in the internals of all of our supported systems, so any suggestions people could provide for more high quality sources on specific systems would be appreciated.
> Nevertheless, I would like to commend Netscape for releasing the source code for public review. You guys are clearly an intelligent company, in both your current developments, but also the way you have handled this bad press.
I'd like to add that management has been very supportive of this idea. Barksdale was in the cellular industry when their security through obscurity measures failed, so he knew exactly what we were talking about.
> P.S. I hope you guys do a good internal review of your code to remove buffer overflow bugs.
We have had code reviews. We will be fixing several of this sort of bug in the upcoming patch.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
On Mon, 25 Sep 1995, Ray Cromwell wrote:
> I just glanced at the new Netscape RNG source. I don't really see anything bad, but I haven't analyzed it. However, I'm curious as to why variables like the username or the language locality are used as sources of entropy. These seem to provide almost nil.
I, too, have only skimmed the code briefly. [Lots of good stuff deleted]
> Using those sources probably can't hurt, they just seemed like odd choices, "grasping for straws" so to speak.
What isn't clear to me is how much entropy they are assigning to these sources. Certainly if they manage to get at least 128 bits of entropy then it doesn't matter how many non-random bits they mix into the hash. I think they are simply throwing everything but the kitchen sink in, and assuming that the overall result will be a sufficient number of bits of entropy. But it would be nice to at least see a few comments on how many bits they expect each individual source to provide.

I also noticed that they use $HOME/.pgp/randseed.bin under unix, but they don't bother with %PGPPATH%\RANDSEED.BIN on PCs. I've sent Jeff a private message about this.

--
David R. Conrad, conrad@detroit.freenet.org, http://www.grfn.org/~conrad
Hardware & Software Committee -- Finger conrad@grfn.org for public key
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.
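The two points raised above, that a low-entropy source such as the username or current directory cannot hurt once it is mixed into the hash but also cannot be counted as more than a few bits, and that the seeding code ought to state how many bits it expects from each source, can be made concrete with a small seed pool. This is an added example, not Netscape's code: SHA-256 stands in for whatever hash the browser used, the 128-bit threshold is David's figure, the per-source estimates and the sample inputs are constructed, and the "extra" source models a randseed.bin-style file that is assumed to hold 128 bits.

```python
# Added example (not Netscape's RNG code): a "kitchen sink" seed pool that
# mixes every source into one hash but keeps an explicit, reviewable
# entropy estimate per source, so the caller knows when the pool is usable.
import hashlib
import math

MIN_SEED_BITS = 128  # assumed threshold, taken from the discussion above


def bits_for_choices(n_choices):
    """Upper bound on the entropy of a value drawn from n equally likely choices."""
    return math.log2(n_choices)


class SeedPool:
    def __init__(self):
        self._hash = hashlib.sha256()  # assumed mixing function
        self._bits = 0.0
        self.sources = []              # (label, estimated bits), for code review

    def add(self, label, data, est_bits):
        # Mixing a constant or guessable value cannot reduce what the hash
        # already holds; it simply adds little or nothing to the budget.
        self._hash.update(label.encode() + b"\x00" + data)
        self._bits += est_bits
        self.sources.append((label, est_bits))
        return self

    def estimated_bits(self):
        return self._bits

    def is_seeded(self):
        return self._bits >= MIN_SEED_BITS

    def seed(self):
        if not self.is_seeded():
            raise ValueError(f"pool holds ~{self._bits:.0f} bits, need {MIN_SEED_BITS}")
        return self._hash.digest()


def build_pool(username, locale, cwd, extra=None):
    """Constructed sample pool using the sources questioned in the thread."""
    pool = SeedPool()
    pool.add("username", username.encode(), 0)                  # effectively constant
    pool.add("locale", locale.encode(), 0)                      # effectively constant
    pool.add("cwd", cwd.encode(), bits_for_choices(65000))      # ~16 bits, per Ray's estimate
    if extra is not None:
        pool.add("seedfile", extra, 128)  # assumed: a randseed.bin-style file worth 128 bits
    return pool
```

Without the seed file the pool reports under 16 bits and refuses to emit a seed; with it the same constant sources still go into the hash but the budget is met.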
In article <Pine.LNX.3.91.950926072411.866D-100000@russell.moore.com>, drc@russell.moore.com (David R. Conrad) writes:
> I also noticed that they use $HOME/.pgp/randseed.bin under unix, but they don't bother with %PGPPATH%\RANDSEED.BIN on PCs. I've sent Jeff a private message about this.
As noted in a previous message, I've replaced the hardcoded randseed.bin with an environment variable that names a file to pass through the seed hash. This is only on the unix version for now, but I plan to put it into the PC version for 2.0.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.