1995-09-26 - Re: real randomness for netscape - user clicking mouse

Header Data

From: Vincent Cate <vince@offshore.com.ai>
To: jirib@cs.monash.edu.au
Message Hash: 6b5298ed1bead22a9682977d300ac0364829f38eeaf5ccf9c7058cf8810af6e4
Message ID: <Pine.3.89.9509261538.C922-0100000@offshore.com.ai>
Reply To: <199509250402.OAA17312@sweeney.cs.monash.edu.au>
UTC Datetime: 1995-09-26 19:42:27 UTC
Raw Date: Tue, 26 Sep 95 12:42:27 PDT

Raw message

From: Vincent Cate <vince@offshore.com.ai>
Date: Tue, 26 Sep 95 12:42:27 PDT
To: jirib@cs.monash.edu.au
Subject: Re: real randomness for netscape - user clicking mouse
In-Reply-To: <199509250402.OAA17312@sweeney.cs.monash.edu.au>
Message-ID: <Pine.3.89.9509261538.C922-0100000@offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain




While it is true that on some versions of X you can watch mouse events on
other peoples computers, it is also true that on some versions you can
watch keyboard input.  At CMU Bennet Yee wrote a program to get peoples
passwords as they typed them in using X's poor/non-existent security back
then.  This was before xauth. 

I still think that the low bits of the mouses X and Y positions as the
user moves the mouse around the screen are a very good source of random
bits for Netscape.

   --  Vince





Thread