Mousepad RNG's?

paul at fatmans.demon.co.uk
Sun Sep 29 12:01:15 PDT 1996


> At 8:13 PM -0700 9/27/96, James A. Donald wrote:
>
> Some time ago, at a cypherpunks conference, people were making
> all sorts of ridiculous proposals for being really, really,
> really, sure that you had real entropy, and a prominent
> cypherpunk, possibly Tim May, said, "This is ridiculous:
> Nobody ever broke good crypto through weakness in the
> source of truly random numbers".  Sometime after that
> Netscape was broken through weakness in the source of
> truly random numbers.

This is correct only in the first part: it is true that good 
cryptography has never been documentably broken through weaknesses in 
a real random source.

The Netscape attack was on the PRNG used in Netscape, the proverbial 
state of sin. I don't know what PRNG Netscape used in the broken 
version. Can anyone tell me what they used, and whether it was the 
PRNG or the seed that was weak? I would also be interested to know 
what they are using now in terms of the algorithm and seed...

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don't forget to mount a scratch monkey"
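Paul asks whether it was the generator or the seed that was weak in Netscape. The toy model below is an added illustration, not part of the original post and not Netscape's code, of why that distinction matters: a perfectly good mixing function fed from a handful of guessable values yields a key that can be recovered by enumerating those values. The seed inputs it models (time of day in seconds and microseconds, the browser's process id and its parent's process id) are the ones described in the published 1996 analysis of Netscape 1.1 by Ian Goldberg and David Wagner; the hash used for mixing, the HMAC "check value" standing in for a captured handshake message, and all the victim and attacker numbers are assumptions constructed for this example.

```python
"""Toy model of the 'weak seed, sound generator' failure mode.

Added illustration; not Netscape's code. The seed inputs modelled here
(seconds, microseconds, pid, ppid) are those the published 1996 analysis
of Netscape 1.1 described; the hash, the check value and the victim and
attacker numbers are constructed for this example.
"""
import hashlib
import hmac
import math
import struct
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class SeedInputs:
    seconds: int       # time of day, whole seconds since the epoch
    microseconds: int  # 0..999999
    pid: int           # process id of the browser
    ppid: int          # parent process id (usually the shell that started it)


def derive_session_key(inputs: SeedInputs) -> bytes:
    """Derive a 128-bit session key from the seed inputs.

    The mixing step is a sound hash; that is not where the weakness is.
    The output cannot hold more entropy than the four inputs, so an
    attacker who can bound each of them has only a small space to search.
    (SHA-256 here is an assumption for the example.)
    """
    seed = struct.pack(">IIII", inputs.seconds, inputs.microseconds,
                       inputs.pid, inputs.ppid)
    return hashlib.sha256(b"toy-seed|" + seed).digest()[:16]


def key_check_value(key: bytes) -> bytes:
    """Something observable on the wire that depends only on the key.

    In a real protocol this would be the MAC or encryption of a known
    handshake message captured by the attacker; here an HMAC over a fixed
    string stands in for it (assumption for the example).
    """
    return hmac.new(key, b"ClientHello", hashlib.sha256).digest()[:8]


def seed_space_bits(second_slack: int, us_slack: int,
                    pid_count: int, ppid_count: int) -> float:
    """log2 of the (upper bound on the) number of candidate seeds to try."""
    candidates = (2 * second_slack + 1) * (2 * us_slack + 1) * pid_count * ppid_count
    return math.log2(candidates)


def recover_seed(check: bytes, seconds_guess: int, second_slack: int,
                 us_guess: int, us_slack: int, pid_range: range,
                 ppid_offsets: Iterable[int]) -> Optional[SeedInputs]:
    """Brute-force the seed inputs given bounds on each of them.

    seconds_guess/us_guess come from the attacker's own packet capture
    (the connection time is visible to anyone on the path), pid_range from
    knowledge of the host or a leaked pid, and ppid_offsets from the fact
    that the parent shell normally has a slightly lower pid.
    """
    ppid_offsets = tuple(ppid_offsets)
    for s in range(seconds_guess - second_slack, seconds_guess + second_slack + 1):
        lo, hi = max(0, us_guess - us_slack), min(999_999, us_guess + us_slack)
        for us in range(lo, hi + 1):
            for pid in pid_range:
                for off in ppid_offsets:
                    cand = SeedInputs(s, us, pid, pid - off)
                    guess = key_check_value(derive_session_key(cand))
                    if hmac.compare_digest(guess, check):
                        return cand
    return None


if __name__ == "__main__":
    # Constructed victim values; the attacker never sees them directly.
    victim = SeedInputs(seconds=843_000_000, microseconds=123_456, pid=4321, ppid=4320)
    observed = key_check_value(derive_session_key(victim))
    print(f"search space about 2^{seed_space_bits(1, 250, 41, 2):.1f}, not 2^128")
    found = recover_seed(observed, 843_000_001, 1, 123_400, 250, range(4300, 4341), (1, 2))
    print("recovered seed inputs:", found)
    print("key match:", found is not None and derive_session_key(found) == derive_session_key(victim))
```

The search loop does nothing clever: with the attacker's bounds the whole candidate space is around 2^17 seeds, and a 128-bit key drawn from it is no stronger than that. Widening the pid range or the time window grows the space linearly, never toward 2^128. The practical lesson is the one Paul's question points at: the quality of the generator is irrelevant if the seed can be enumerated, and the seed has to come from a source the attacker cannot bound (today, the operating system's entropy pool).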
