Re: Mousepad RNG's?
At 8:13 PM -0700 9/27/96, James A. Donald wrote:
Some time ago, at a cypherpunks conference, people were making all sorts of ridiculous proposals for being really, really, really, sure that you had real entropy, and a prominent cypherpunk, possibly Tim May, said, "This is ridiculous: Nobody ever broke good crypto through weakness in the source of truly random numbers". Sometime after that Netscape was broken through weakness in the source of truly random numbers.
This is correct only in the first part: it is true that good cryptography has never been documentably broken through weaknesses in a real random source. The Netscape attack was on the PRNG used in Netscape, the proverbial state of sin. I don't know what PRNG Netscape used in the broken version; can anyone tell me what they used, and whether it was the PRNG or the seed that was weak? Also I would be interested to know what they are using now in terms of the algorithm and seed...

Datacomms Technologies web authoring and data security
Paul Bradley, Paul@fatmans.demon.co.uk
Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: 5BBFAEB1
"Don't forget to mount a scratch monkey"
paul@fatmans.demon.co.uk wrote:
I don't know what PRNG Netscape used in the broken version; can anyone tell me what they used, and whether it was the PRNG or the seed that was weak?
The problem was with the seed; it was especially vulnerable to attacks from somebody running on the same machine. Sufficient entropy is now obtained during initialization and the PRNG is reseeded reasonably often during execution. For the Navigator, this is every time the user event loop cycles.
also I would be interested to know what they are using now in terms of the algorithm and seed...
A pointer to the fixed code was posted to cypherpunks last year.

PK
--
Philip L. Karlton karlton@netscape.com
Principal Curmudgeon http://www.netscape.com/people/karlton
Netscape Communications Corporation
Everything should be made as simple as possible, but not simpler. -- Albert Einstein
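The remedy Karlton describes (gather enough seed entropy before the generator emits anything, then keep folding fresh entropy in while it runs) as a small illustrative Python sketch. This is an added example, not Netscape's fixed code; the 128-bit minimum, the reseed interval, the SHA-256 construction and the entropy estimates in the demo are all assumptions.

```python
import hashlib
import os


class ReseedingPRNG:
    """Hash-based PRNG with an entropy pool and a reseed counter (illustrative only)."""
    MIN_INIT_BITS = 128    # refuse to emit output until this much entropy is pooled (assumed)
    RESEED_AFTER = 4096    # bytes of output before the pool is folded in again (assumed)

    def __init__(self):
        self.pool = hashlib.sha256()   # accumulates every entropy contribution ever added
        self.pooled_bits = 0           # caller's honest estimate of entropy in the pool
        self.state = None              # working state, derived from the pool at reseed time
        self.since_reseed = 0

    def add_entropy(self, data: bytes, estimated_bits: int) -> None:
        # New samples are hashed into the same pool, so a weak early seed is never the
        # whole story once better material (e.g. event-loop timing) arrives.
        self.pool.update(data)
        self.pooled_bits += estimated_bits

    def ready(self) -> bool:
        return self.pooled_bits >= self.MIN_INIT_BITS

    def reseed(self) -> None:
        # Fold the whole pool plus the previous state into a fresh working state.
        prev = self.state or b""
        self.state = hashlib.sha256(b"reseed" + self.pool.digest() + prev).digest()
        self.since_reseed = 0

    def random_bytes(self, n: int) -> bytes:
        if not self.ready():
            raise RuntimeError("seed entropy below %d bits" % self.MIN_INIT_BITS)
        if self.state is None or self.since_reseed >= self.RESEED_AFTER:
            self.reseed()
        out = b""
        while len(out) < n:
            self.state = hashlib.sha256(b"step" + self.state).digest()
            out += hashlib.sha256(b"out" + self.state).digest()  # output never equals state
        self.since_reseed += n
        return out[:n]


def demo():
    # Constructed weak seed: a timestamp plus a process id, values a local user can observe,
    # credited with an assumed 20 bits; the generator rightly refuses to start from it.
    weak = ReseedingPRNG()
    weak.add_entropy(b"1996-09-27T20:13:00 pid=4711", estimated_bits=20)
    strong = ReseedingPRNG()
    strong.add_entropy(os.urandom(32), estimated_bits=256)
    return weak.ready(), strong.ready()
```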