1995-09-19 - Re: NYT on Netscape Crack

Header Data

From: sameer <sameer@c2.org>
To: perry@piermont.com
Message Hash: a92739ade6638bdee619c001b04f2743908f464e5fdec8c2cc65c8599c6a35e3
Message ID: <199509190457.VAA20451@infinity.c2.org>
Reply To: <199509190355.XAA01329@frankenstein.piermont.com>
UTC Datetime: 1995-09-19 05:02:45 UTC
Raw Date: Mon, 18 Sep 95 22:02:45 PDT

Raw message

From: sameer <sameer@c2.org>
Date: Mon, 18 Sep 95 22:02:45 PDT
To: perry@piermont.com
Subject: Re: NYT on Netscape Crack
In-Reply-To: <199509190355.XAA01329@frankenstein.piermont.com>
Message-ID: <199509190457.VAA20451@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Not, of course, that they disclosed it before -- it was found by
> reverse engineering the distributed executable. Not, of course, that
> they have a choice in the matter of whether to disclose it -- they
> will be "disclosing" how its done as soon as they release the
> code. Not, of course, that security through obscurity does any good --
> it just magnifies the pain.

	Once netscape is patched with a stronger PRNG if someone can
crack -that- one too, then they will get a T-shirt as well. Perhaps I
should offer the t-shirt for just revealing the algorithim used w/o
actually cracking it, just to deal with that statement from "Netscape
officials".
	I emphasized in my conversation with the SFChronicle today
that 'security by obscurity' doesn't work. Hopefully that will be
reflected in the article.

-- 
sameer						Voice:   510-601-9777
Network Administrator				FAX:	 510-601-9734
Community ConneXion: The NEXUS-Berkeley		Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			sameer@c2.org




Thread