Reducing the Flames, Attacks, and Nit-Pickings
Scott Brickner
sjb at universe.digex.net
Mon Oct 23 18:33:51 PDT 1995
Timothy C. May writes:
>Worse, idle speculation about possible security flaws seems wasteful.
Not always. A couple of months ago someone was asking what the fuss
was about in making sure random number generators were secure. In
describing potential problems with poor RNG seeds I "idly" speculated
that if Netscape has a lousy RNG that it might be *lots* easier to
attack that than the (then current) brute force attack was.
A week or to later, Ian posted a reverse engineered copy of the
Netscape RNG stuff, and a week or so after that announced his big
hole.
Occasionally, idle speculation sparks good ideas.
More information about the cypherpunks-legacy
mailing list