1995-09-26 - Re: Security Update news release

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: cypherpunks@toad.com
Message Hash: 199c33167e183483d819985406f4ad1fbe8f6969556562cabcc95a7fd30ac77b
Message ID: <199509261941.MAA02266@ix6.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1995-09-26 19:41:15 UTC
Raw Date: Tue, 26 Sep 95 12:41:15 PDT

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 26 Sep 95 12:41:15 PDT
To: cypherpunks@toad.com
Subject: Re: Security Update news release
Message-ID: <199509261941.MAA02266@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>>Do the new versions use PGP's randseed.bin? If Netscape even only looks at
>>data used to keep PGP secure,  Netscape will be banned from my computer
>>and every computer I am responsible for. -- For good.
>
>This is the second person who has expressed this sentiment. I don't
>understand it. If you believe that the possibility of randseed.bin
>getting out is dangerous, then why do you leave it online? Do you
>really trust every piece of software you run, every piece of software
>that can possibly access your machine over the net, to not look at
>that file?

It makes a little bit of sense - I'm not aware of any software,
other than PGP and now Netscape, that _explicitly_ goes after randseed.bin,
though of course just about anything can try.  

Assuming the code is inspectable (which it currently is), if I can
see that all it's going to do with the file is crunch it into MD5
along with a bunch of other stuff, I'm not too worried, even though
it is stealing slack(entropy) from PGP.
#---
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---






Thread