At 3:57 PM 4/26/96 -0700, Timothy C. May wrote:

I think the interesting target date to plan for is a year from now.

I said a few months ago that I thought Java would be ready for prime time in a couple of years. I think we are in complete agreement here.

...

(1) There are not many sources of high-quality entropy available to Java applets. Keystroke timings and scribble windows are probably the best sources, but may represent an inconvenience for users.

Shouldn't be any worse or any better than with the status quo, right? I'm not sure I see the Java issue. (I've been looking at SoundClip and AudioClip, but only cursorily.)

I think it is a bit worse since an applet doesn't get access to a lot of stuff a C program, or even better an OS gets. A C program has a lot of environmental queries that might produce some entropy, although they would also be available to an attacker on the same system. The OS has access to interrupt times, mouse movements, and keyboard timings for ALL the applications that have run since boot.

By the way, Hal Finney is working on a bignum package.

I know. I have an (old) version on my disk. AFAIK, Hal is the most active person developing crypto and crypto related Java code. He deserves thanks from all of us. Regards - Bill ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA