[39440] in Cypherpunks
Re: NYT on Netscape Crack
daemon@ATHENA.MIT.EDU (Eli Brandt)
Tue Sep 19 10:41:58 1995
To: cypherpunks@toad.com
Date: Tue, 19 Sep 1995 10:38:25 -0400 (EDT)
From: Eli Brandt <eli@UX3.SP.CS.CMU.EDU>
In-Reply-To: <199509190300.XAA05027@pipe4.nyc.pipeline.com> from "John Young" at Sep 18, 95 11:00:27 pm
> The New York Times, September 19, 1995, pp. A1, D21.
...
> Netscape officials said today that they would strengthen
> the system, by making it significantly harder to determine
> the random number at the heart of their coding system. They
> said they would no longer disclose what data would be used
> to generate the random numbers.
and from the WSJ article:
> "The information we were using to create the key is now a known set of
> information," said Jeffrey Treuhaft, security product manager for Netscape.
It sounds as if Netscape thinks that public knowledge of the key
generation is part of the problem. I hope somebody on the security
team convinces management that entropy is more important than publicity.
(This could be a result of journalistic cluelessness, but it came up in
two independent articles. It's enough to worry me.)
--
Eli Brandt
eli+@cs.cmu.edu
(back from a nice long mailing-list vacation -- it's nice to see that
cpunks is still at the cutting edge. for them what cares, I'm now
a Ph.D. student at the CMU CS program...)
