1995-10-24 - Re: Reducing the Flames, Attacks, and Nit-Pickings

Header Data

From: Scott Brickner <sjb@universe.digex.net>
To: tcmay@got.net (Timothy C. May)
Message Hash: a1136f9f874634eb7c7d8232357ff95f68e051ac001d22b01a1001ad1ff9fe75
Message ID: <199510240133.VAA13731@universe.digex.net>
Reply To: <acb06aea5b021004cdd9@[205.199.118.202]>
UTC Datetime: 1995-10-24 01:33:51 UTC
Raw Date: Mon, 23 Oct 95 18:33:51 PDT

Raw message

From: Scott Brickner <sjb@universe.digex.net>
Date: Mon, 23 Oct 95 18:33:51 PDT
To: tcmay@got.net (Timothy C. May)
Subject: Re: Reducing the Flames, Attacks, and Nit-Pickings
In-Reply-To: <acb06aea5b021004cdd9@[205.199.118.202]>
Message-ID: <199510240133.VAA13731@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May writes:
>Worse, idle speculation about possible security flaws seems wasteful.

Not always.  A couple of months ago someone was asking what the fuss
was about in making sure random number generators were secure.  In
describing potential problems with poor RNG seeds I "idly" speculated
that if Netscape has a lousy RNG that it might be *lots* easier to
attack that than the (then current) brute force attack was.

A week or two later, Ian posted a reverse engineered copy of the
Netscape RNG stuff, and a week or so after that announced his big
hole.

Occasionally, idle speculation sparks good ideas.




