From: nelson@santafe.edu (Nelson Minar)
To: cypherpunks@toad.com
Message Hash: bed1be9bbe5371eaea054cc2835f633ef9b189bf79bb917a8ba62dcb8e767249
Message ID: <9509210631.AA18308@sfi.santafe.edu>
Reply To: <199509202041.NAA07036@comsec.com>
UTC Datetime: 1995-09-21 06:32:31 UTC
Raw Date: Wed, 20 Sep 95 23:32:31 PDT
From: nelson@santafe.edu (Nelson Minar)
Date: Wed, 20 Sep 95 23:32:31 PDT
To: cypherpunks@toad.com
Subject: Re: Netscape is doing well -- give 'em a break.
In-Reply-To: <199509202041.NAA07036@comsec.com>
Message-ID: <9509210631.AA18308@sfi.santafe.edu>
MIME-Version: 1.0
Content-Type: text/plain
>Netscape is to be commended for even *putting* crypto into their product!
I'm impressed with the way Netscape has responded to recent
events. It's refreshing to see a company say "yes, we made a mistake
in our security software" rather than pretend there's no problem.
Word Perfect encryption, anyone?
>Cygnus' Kerberos faced the same random-seed problems and punted in
>similar ways.
Last time I looked, the MIT-MAGIC-COOKIE-1 scheme used in X11R4 had
the same problem: the random seed was based on the current time to the
microsecond, modulo the granularity of the system clock. I think I
figured that on my hardware, if I could figure out which minute the X
server started (easy with finger), I'd only have to try a few
thousand keys or so. Caveat: I never actually proved the idea.
Return to September 1995
Return to “nelson@santafe.edu (Nelson Minar)”
Unknown thread root