The Joy of Java
Bill Frantz
frantz at netcom.com
Sat Apr 27 01:55:15 PDT 1996
At 3:57 PM 4/26/96 -0700, Timothy C. May wrote:
>I think the interesting target date to plan for is a year from now.
I said a few months ago that I thought Java would be ready for prime time
in a couple of years. I think we are in complete agreement here.
>>(1) There are not many sources of high-quality entropy available to Java
>>applets. Keystroke timings and scribble windows are probably the best
>>sources, but may represent an inconvenience for users.
>
>Shouldn't be any worse or any better than with the status quo, right? I'm
>not sure I see the Java issue. (I've been looking at SoundClip and
>AudioClip, but only cursorily.)
I think it is a bit worse since an applet doesn't get access to a lot of
stuff a C program, or even better an OS gets. A C program has a lot of
environmental queries that might produce some entropy, although they would
also be available to an attacker on the same system. The OS has access to
interrupt times, mouse movements, and keyboard timings for ALL the
applications that have run since boot.
>By the way, Hal Finney is working on a bignum package.
I know. I have an (old) version on my disk. AFAIK, Hal is the most active
person developing crypto and crypto related Java code. He deserves thanks
from all of us.
Regards - Bill
------------------------------------------------------------------------
Bill Frantz | The CDA means | Periwinkle -- Computer Consulting
(408)356-8506 | lost jobs and | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA
More information about the cypherpunks-legacy
mailing list