From: “Jeff Weinstein” <jsw@netscape.com>
To: sameer <sameer@c2.org>
Message Hash: 6dc3836ecd65509469b3ddbc9c9c42d4f9d06a38ce31442596ef11af563da96f
Message ID: <9509200254.ZM206@tofuhut>
Reply To: <199509200825.BAA18996@infinity.c2.org>
UTC Datetime: 1995-09-20 09:58:26 UTC
Raw Date: Wed, 20 Sep 95 02:58:26 PDT
From: "Jeff Weinstein" <jsw@netscape.com>
Date: Wed, 20 Sep 95 02:58:26 PDT
To: sameer <sameer@c2.org>
Subject: Re: netscape's response
In-Reply-To: <199509200825.BAA18996@infinity.c2.org>
Message-ID: <9509200254.ZM206@tofuhut>
MIME-Version: 1.0
Content-Type: text/plain
On Sep 20, 1:25am, sameer wrote:
> Subject: Re: netscape's response
> > but someone who is trained in computer
> > security and cryptography implementation should *know* to check these
> > things.
>
> Upon consideration, I am going to retract this statement-- I
> suppose you can't check -everything-. (I still blame Netscape for
> shoddy crypto in the first place, just not Jeff in particular)
It turns out that Taher Elgamal and I started working here within
a week of each other, about 6 months ago. Neither of us thought to
take a serious look at the RNG seed code. I don't think that anyone
would accuse Taher of being an amateur in this area.
I for one just didn't think about it enough to realize that while
we got the RNG code from RSA, they did not provide seed code.
As for my background, I am not a trained cryptographer, but I do
understand protocols, did some internet security work as a sysadmin
while in school, and have had a casual interest in crypto stuff
for several years. If you want the gory details see my web page...
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
Return to September 1995
Return to “sameer <sameer@c2.org>”