From: Bob Snyder <rsnyder@janet.advsys.com>
To: jsw@neon.netscape.com (Jeff Weinstein)
Message Hash: 43eed0c213b6c6aa032b9cd872bb03889879a78eedf3f78bd4be7df302e4bb4e
Message ID: <199509251138.HAA18954@janet.advsys.com>
Reply To: <445j6k$h03@tera.mcom.com>
UTC Datetime: 1995-09-25 17:24:53 UTC
Raw Date: Mon, 25 Sep 95 10:24:53 PDT
Subject: Re: Netscape "random" number seed generator code available

jsw@neon.netscape.com said:
> More on the RNG stuff. On Unix systems we look for
> ~/.pgp/randseed.bin, and feed it through the RNG hash. On Unix and PC
> systems we feed the environment through the hash, so that would be a
> good place for a concerned user to put some random stuff of their
> own.

For UNIX, including the environment is pretty useless for determining a seed.
On BSD-style machines, try a ps -uxeww. The environment is known by anyone who
has access to the machine when the seed is generated, and possibly to many
others, since some machines have SNMP daemons that will give out the process
table, or may have the systat "service" turned on.

The latter two may not include the environment on most machines, but I believe
it conceivably could, and may be implementation specific from UNIX to UNIX.

I greatly applaud Netscape for "going public" with this information, and
remaining open to suggestions despite the bad publicity it has been getting.

One of the large corporations I work with is looking to do an electronic
commerce with some pretty amazing $ amounts soon (at least, amazing to me),
and I know I'm going to be asked about the security breaks. I feel confident
that I can tell them exactly what is wrong, and what Netscape is doing to fix
it, and that I don't think it should be a matter for great concern. I'm not
sure I could have done that had Netscape done nothing but issue the press
release and weather the bad press in silence.

Bob
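
Added example, not part of the message above and not Netscape's code: a Python sketch of why a seed hashed only from the environment adds nothing once the environment can be listed by others, next to a variant that mixes in kernel randomness. SHA-256, the sample environment values and every function name here are assumptions made for illustration.

```python
import hashlib
import os

# Constructed sample: an environment block as a process listing exposes it
# (NUL-separated NAME=value entries). All values are made up.
OBSERVED_ENVIRON = (
    b"USER=alice\x00HOME=/home/alice\x00SHELL=/bin/csh\x00"
    b"DISPLAY=:0.0\x00PATH=/usr/local/bin:/usr/bin:/bin\x00"
)

# The same environment as the seeding process itself sees it (constructed).
PROCESS_ENV = {
    b"PATH": b"/usr/local/bin:/usr/bin:/bin",
    b"HOME": b"/home/alice",
    b"DISPLAY": b":0.0",
    b"SHELL": b"/bin/csh",
    b"USER": b"alice",
}

def parse_environ(block):
    """Turn a NUL-separated environment block into a name -> value dict."""
    env = {}
    for entry in block.split(b"\x00"):
        if entry:
            name, _, value = entry.partition(b"=")
            env[name] = value
    return env

def env_only_seed(env):
    """Weak construction: the seed is a hash of the environment and nothing else."""
    h = hashlib.sha256()
    for name in sorted(env):
        h.update(name + b"=" + env[name] + b"\x00")
    return h.digest()

def mixed_seed(env, secret):
    """Hardened construction: unobservable kernel randomness is hashed in too."""
    return hashlib.sha256(secret + env_only_seed(env)).digest()

def demo():
    observer_env = parse_environ(OBSERVED_ENVIRON)
    # Anyone who can list the environment recomputes the weak seed exactly.
    weak_match = env_only_seed(PROCESS_ENV) == env_only_seed(observer_env)
    # The observer cannot see the 32 bytes the process drew from os.urandom.
    real = mixed_seed(PROCESS_ENV, os.urandom(32))
    guess = mixed_seed(observer_env, os.urandom(32))
    return weak_match, real == guess
```
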