Mousepad RNG's?
paul at fatmans.demon.co.uk
Sun Sep 29 12:01:15 PDT 1996
> At 8:13 PM -0700 9/27/96, James A. Donald wrote:
>
> Some time ago, at a cypherpunks conference, people were making
> all sorts of ridiculous proposals for being really, really,
> really, sure that you had real entropy, and a prominent
> cypherpunk, possibly Tim May, said, "This is ridiculous:
> Nobody ever broke good crypto through weakness in the
> source of truly random numbers". Sometime after that
> Netscape was broken through weakness in the source of
> truly random numbers.
This is correct only in the first part: it is true that good
cryptography has never been documentably broken through weaknesses in
a real random source.
The Netscape attack was on the PRNG used in Netscape, the proverbial
state of sin. I don't know what PRNG Netscape used in the broken
version. Can anyone tell me what they used, and whether it was the
PRNG or the seed that was weak? I would also be interested to know
what they are using now in terms of the algorithm and seed...
Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: 5BBFAEB1
"Don't forget to mount a scratch monkey"