[45166] in Cypherpunks


Re: NSA rigs Crypto machines according to Balto Sun

daemon@ATHENA.MIT.EDU (Peter Wayner)
Mon Dec 11 13:05:41 1995

Date: Mon, 11 Dec 1995 12:51:52 -0500
To: cypherpunks@toad.com
From: pcw@access.digex.net (Peter Wayner)

At 11:14 AM 12/11/95, hallam@w3.org wrote:

>>So, is this what happened at Crypto AG? Is this what happened at
>>Netscape? We may never know for certain, but there is a final
>>warning for the folks at Netscape that is buried in the Sun's
>>article about Crypto AG:
>
>No it is nothing like what happened at Netscape which was a common or
>garden cock up. It was simply the result of miscommunication between
>two groups of people being the original and new security team. Taher
>et al thought that the random number seed was OK because they discovered
>a design document describing it. Unfortunately the code had not been
>written to implement that design.
>
>        Phill

Thanks for the deeper insight. Sure it was probably a mistake. But someone
made the decision to write code that didn't conform to that design document.
That person was probably saying, "Random number generator. Cool. I can use
the standard C library." or whatever. But that person could have been saying,
"Hey, if I slip this in then I'll be able to snag the session
keys with impunity."
We'll never know for sure.

-Peter


