1995-09-27 - Re: Security Update news release

Header Data

From: jsw@neon.netscape.com (Jeff Weinstein)
To: cypherpunks@toad.com
Message Hash: 9a9f7653db81ce9814776ab074a1ee3f15d80b2f5047a08cb548226ba4849d8c
Message ID: <44cj4k$oee@tera.mcom.com>
Reply To: <199509261941.MAA02266@ix6.ix.netcom.com>
UTC Datetime: 1995-09-27 22:28:27 UTC
Raw Date: Wed, 27 Sep 95 15:28:27 PDT

Raw message

From: jsw@neon.netscape.com (Jeff Weinstein)
Date: Wed, 27 Sep 95 15:28:27 PDT
To: cypherpunks@toad.com
Subject: Re: Security Update news release
In-Reply-To: <199509261941.MAA02266@ix6.ix.netcom.com>
Message-ID: <44cj4k$oee@tera.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <199509261941.MAA02266@ix6.ix.netcom.com>, stewarts@ix.netcom.com (Bill Stewart) writes:
> >>Do the new versions use PGP's randseed.bin? If Netscape even only looks at
> >>data used to keep PGP secure,  Netscape will be banned from my computer
> >>and every computer I am responsible for. -- For good.
> >
> >This is the second person who has expressed this sentiment. I don't
> >understand it. If you believe that the possibility of randseed.bin
> >getting out is dangerous, then why do you leave it online? Do you
> >really trust every piece of software you run, every piece of software
> >that can possibly access your machine over the net, to not look at
> >that file?
> 
> It makes a little bit of sense - I'm not aware of any software,
> other than PGP and now Netscape, that _explicitly_ goes after randseed.bin,
> though of course just about anything can try.  

  Netscape will not read randseed.bin.  I've changed it to use an environment
variable that names a user specified file to read.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





Thread