From: “Jeff Weinstein” <jsw@netscape.com>
To: shamrock@netcom.com (Lucky Green)
Message Hash: d212f415437a98905bac1209e2bb2516c4bc51fe93edd8abcc7c8228abfe8c04
Message ID: <9509261428.ZM150@tofuhut>
Reply To: <9509251617.ZM167@tofuhut>
UTC Datetime: 1995-09-26 21:33:25 UTC
Raw Date: Tue, 26 Sep 95 14:33:25 PDT
From: "Jeff Weinstein" <jsw@netscape.com>
Date: Tue, 26 Sep 95 14:33:25 PDT
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Security Update news release
In-Reply-To: <9509251617.ZM167@tofuhut>
Message-ID: <9509261428.ZM150@tofuhut>
MIME-Version: 1.0
Content-Type: text/plain
> Do the new versions use PGP's randseed.bin? If Netscape even only looks at
> data used to keep PGP secure, Netscape will be banned from my computer
> and every computer I am responsible for. -- For good.
Rather than get into a big fight about how safe it is for netscape
to be reading PGPs randseed.bin file, I've changed our code to not
do it. Instead of reading ~/.pgp/randseed.bin, we now get the name
of a file from the environment variable NSRANDFILE, and pass that
file's contents throught the RNG seed hash. If you decide that its
safe, you can set the env variable to point to your randseed.bin file,
or any other file of random bits you care to use.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
Return to September 1995
Return to ““Jeff Weinstein” <jsw@netscape.com>”