[39565] in Cypherpunks
Re: netscape's response
daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Wed Sep 20 06:00:47 1995
From: "Jeff Weinstein" <jsw@netscape.com>
Date: Wed, 20 Sep 1995 02:54:40 -0700
In-Reply-To: sameer <sameer@c2.org>
"Re: netscape's response" (Sep 20, 1:25am)
To: sameer <sameer@c2.org>
Cc: cypherpunks@toad.com
On Sep 20, 1:25am, sameer wrote:
> Subject: Re: netscape's response
> > but someone who is trained in computer
> > security and cryptography implementation should *know* to check these
> > things.
>
> Upon consideration, I am going to retract this statement-- I
> suppose you can't check -everything-. (I still blame Netscape for
> shoddy crypto in the first place, just not Jeff in particular)
It turns out that Taher Elgamal and I started working here within
a week of each other, about 6 months ago. Neither of us thought to
take a serious look at the RNG seed code. I don't think that anyone
would accuse Taher of being an amateur in this area.
I for one just didn't think about it enough to realize that while
we got the RNG code from RSA, they did not provide seed code.
As for my background, I am not a trained cryptographer, but I do
understand protocols, did some internet security work as a sysadmin
while in school, and have had a casual interest in crypto stuff
for several years. If you want the gory details see my web page...
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
