From: Christian Wettergren <cwe@Csli.Stanford.EDU>
To: jsw@neon.netscape.com (Jeff Weinstein)
Message Hash: e17974a513cd0f59fa9f2a4cd4df87955c9f68b2de569947cb3e4967108a07e8
Message ID: <199509211735.KAA19988@Csli.Stanford.EDU>
Reply To: <43qrpq$gd5@tera.mcom.com>
UTC Datetime: 1995-09-21 17:35:26 UTC
Raw Date: Thu, 21 Sep 95 10:35:26 PDT
Subject: Re: NSA and Netscape Crack

| Believe it or not we don't like being trashed for
| being stupid all over the net, print media, and TV. As far as I know
| the NSA have not given us any advice about how to make our system
| stronger. I've heard rumors that they were quite upset when they
| learned that SSL's 40-bit RC4 was actually 40-bit secret and 88-bit salt.

It is dangerous that the general reaction is that of
'them being stupid', since that will prevent others
from stepping forward and revealing their own 'holes'.

I decree that 'all holes look stupid once located'.
But 'any non-trivially large program is bound to have
holes' => 'all programmers are stupid' (except me,
because I found the hole?)

Jeff, your and Netscape's prompt response to this is
what counts - holes will always be uncovered, it's the
time before they are patched that really matters.

/Christian