1995-09-19 - Re: NYT on Netscape Crack
Header Data
From: m5@dev.tivoli.com (Mike McNally)
To: Eric Young <eay@mincom.oz.au>
Message Hash: 001d1dfe5ac7ac28030d7dd0241deb6489b916a6a690f84117f1d9c11577d4a8
Message ID: <9509191238.AA09042@alpha>
Reply To: <43lu3k$7q6@tera.mcom.com>
UTC Datetime: 1995-09-19 12:40:36 UTC
Raw Date: Tue, 19 Sep 95 05:40:36 PDT
Raw message
From: m5@dev.tivoli.com (Mike McNally)
Date: Tue, 19 Sep 95 05:40:36 PDT
To: Eric Young <eay@mincom.oz.au>
Subject: Re: NYT on Netscape Crack
In-Reply-To: <43lu3k$7q6@tera.mcom.com>
Message-ID: <9509191238.AA09042@alpha>
MIME-Version: 1.0
Content-Type: text/plain
Eric Young writes:
> > Sigh. For your information the security code for 1.x versions of
> > netscape was not even written by someone from NCSA. The current
> > security team (which does not include the person who did the 1.x
> > version) also does not include anyone from NCSA. While I can't
>
> I will defend Netscapes code on the point about the RNG even though I
> have not seen any. I assume the Netscape code is quite large and each
> release would have to pass various fuctionality tests. How can you test
> that the RND seeding is wrong?
The seeding isn't "wrong"; it's a design flaw. (At least that's my
understanding; maybe I missed something.)
> You have to actually look at the code, the number coming out are
> still random.
Two words: "design review".
> This sort of error can only be checked by reading the code and
> specifically looking at critical routines like this the RNG seeding
> routines.
Uhh... OK. Sounds like a plan to me. For critical pieces of code
like that, having repeated exhaustive design/implementation reviews
should be a matter of course.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thread
Return to September 1995
- Return to “Adam Shostack <adam@homeport.org>”
- Return to “Black Unicorn <unicorn@polaris.mindport.net>”
- Return to “Eli Brandt <eli@UX3.SP.CS.CMU.EDU>”
- Return to “Eric Young <eay@mincom.oz.au>”
- Return to “hallam@w3.org”
- Return to “John Young <jya@pipeline.com>”
- Return to “jsw@neon.netscape.com (Jeff Weinstein)”
- Return to “m5@dev.tivoli.com (Mike McNally)”
- Return to ““Perry E. Metzger” <perry@piermont.com>”
- Return to “Ray Cromwell <rjc@clark.net>”
- Return to “sameer <sameer@c2.org>”
- Return to “shields@tembel.org (Michael Shields)”
Return to “Thomas Grant Edwards <tedwards@Glue.umd.edu>”
- 1995-09-19 (Mon, 18 Sep 95 20:35:19 PDT) - NYT on Netscape Crack - John Young <jya@pipeline.com>
- 1995-09-19 (Mon, 18 Sep 95 20:55:59 PDT) - Re: NYT on Netscape Crack - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-19 (Mon, 18 Sep 95 21:20:38 PDT) - Re: NYT on Netscape Crack - Black Unicorn <unicorn@polaris.mindport.net>
- 1995-09-19 (Mon, 18 Sep 95 21:28:11 PDT) - Re: NYT on Netscape Crack - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-19 (Mon, 18 Sep 95 21:28:51 PDT) - Re: NYT on Netscape Crack - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-19 (Mon, 18 Sep 95 22:02:45 PDT) - Re: NYT on Netscape Crack - sameer <sameer@c2.org>
- 1995-09-19 (Tue, 19 Sep 95 00:03:38 PDT) - Re: NYT on Netscape Crack - Ray Cromwell <rjc@clark.net>
- 1995-09-19 (Tue, 19 Sep 95 00:18:35 PDT) - Re: NYT on Netscape Crack - sameer <sameer@c2.org>
- 1995-09-19 (Tue, 19 Sep 95 00:34:36 PDT) - Re: NYT on Netscape Crack - Ray Cromwell <rjc@clark.net>
- 1995-09-19 (Tue, 19 Sep 95 00:53:18 PDT) - Re: NYT on Netscape Crack - sameer <sameer@c2.org>
- 1995-09-20 (Tue, 19 Sep 95 23:49:33 PDT) - Re: NYT on Netscape Crack - shields@tembel.org (Michael Shields)
- 1995-09-19 (Tue, 19 Sep 95 00:53:18 PDT) - Re: NYT on Netscape Crack - sameer <sameer@c2.org>
- 1995-09-19 (Tue, 19 Sep 95 06:49:50 PDT) - Re: NYT on Netscape Crack - Adam Shostack <adam@homeport.org>
- 1995-09-19 (Tue, 19 Sep 95 07:00:23 PDT) - Re: NYT on Netscape Crack - sameer <sameer@c2.org>
- 1995-09-19 (Tue, 19 Sep 95 00:34:36 PDT) - Re: NYT on Netscape Crack - Ray Cromwell <rjc@clark.net>
- 1995-09-19 (Tue, 19 Sep 95 08:49:43 PDT) - Re: NYT on Netscape Crack - hallam@w3.org
- 1995-09-19 (Tue, 19 Sep 95 00:18:35 PDT) - Re: NYT on Netscape Crack - sameer <sameer@c2.org>
- 1995-09-19 (Tue, 19 Sep 95 12:38:35 PDT) - Re: NYT on Netscape Crack - Thomas Grant Edwards <tedwards@Glue.umd.edu>
- 1995-09-19 (Mon, 18 Sep 95 21:20:38 PDT) - Re: NYT on Netscape Crack - Black Unicorn <unicorn@polaris.mindport.net>
- 1995-09-19 (Mon, 18 Sep 95 21:15:19 PDT) - Re: NYT on Netscape Crack - Black Unicorn <unicorn@polaris.mindport.net>
- 1995-09-19 (Tue, 19 Sep 95 01:14:28 PDT) - Re: NYT on Netscape Crack - jsw@neon.netscape.com (Jeff Weinstein)
- 1995-09-19 (Tue, 19 Sep 95 03:16:22 PDT) - Re: NYT on Netscape Crack - Eric Young <eay@mincom.oz.au>
- 1995-09-19 (Tue, 19 Sep 95 05:40:36 PDT) - Re: NYT on Netscape Crack - m5@dev.tivoli.com (Mike McNally)
- 1995-09-20 (Tue, 19 Sep 95 20:26:45 PDT) - Re: NYT on Netscape Crack - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-20 (Tue, 19 Sep 95 21:05:58 PDT) - Re: NYT on Netscape Crack - Ray Cromwell <rjc@clark.net>
- 1995-09-20 (Wed, 20 Sep 95 07:05:47 PDT) - Re: NYT on Netscape Crack - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-20 (Tue, 19 Sep 95 21:05:58 PDT) - Re: NYT on Netscape Crack - Ray Cromwell <rjc@clark.net>
- 1995-09-19 (Tue, 19 Sep 95 07:38:57 PDT) - Re: NYT on Netscape Crack - Eli Brandt <eli@UX3.SP.CS.CMU.EDU>
- 1995-09-19 (Tue, 19 Sep 95 13:09:56 PDT) - Re: NYT on Netscape Crack - Thomas Grant Edwards <tedwards@Glue.umd.edu>
- 1995-09-19 (Mon, 18 Sep 95 20:55:59 PDT) - Re: NYT on Netscape Crack - “Perry E. Metzger” <perry@piermont.com>