Netscape "random" number seed generator code available

David R. Conrad drc at russell.moore.com
Tue Sep 26 05:42:01 PDT 1995


On Mon, 25 Sep 1995, Jim Gillogly wrote:

> > jsw at neon.netscape.com (Jeff Weinstein) writes:
> > More on the RNG stuff.  On Unix systems we look for ~/.pgp/randseed.bin,
> > and feed it through the RNG hash.
> 
> Interesting idea, but I have a (perhaps irrational) dislike for this idea.
> If Netscape wants to have its own netsceed.bin file to muck around with on
> my system, I'll authorize it to be set up, but I by god don't want it
> mucking around with my PGP setup.  ...

I thought about this a bit, but I don't think that reading randseed.bin
counts as "mucking around with" the "PGP setup."

PGP launders randseed.bin before saving it for just this reason, so that
reading it won't reveal information on the user's session keys.

And the Netscape folks have published the source code which shows that
they only read the file and hash it with MD5.  That the contents of
randseed.bin have been mixed into an MD5 hash with a bunch of other
things can hardly be called a security hole, in my estimation.

David R. Conrad, conrad at detroit.freenet.org, http://www.grfn.org/~conrad
Hardware & Software Committee  --  Finger conrad at grfn.org for public key
Key fingerprint =  33 12 BC 77 48 81 99 A5  D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.






