From: pcw@access.digex.net (Peter Wayner)
To: cypherpunks@toad.com
Message Hash: 7dac4e0219c59c646691ea6251fbf987c5cb05f28d6d40aea624bc670f803788
Message ID: <v02130504acf220191b61@[199.125.128.5]>
Reply To: N/A
UTC Datetime: 1995-12-11 21:45:55 UTC
Raw Date: Tue, 12 Dec 1995 05:45:55 +0800
Subject: Re: NSA rigs Crypto machines according to Balto Sun
MIME-Version: 1.0
Content-Type: text/plain
At 11:14 AM 12/11/95, hallam@w3.org wrote:
>>So, is this what happened at Crypto AG? Is this what happened at
>>Netscape? We may never know for certain, but there is a final
>>warning for the folks at Netscape that is buried in the Sun's
>>article about Crypto AG:
>
>No it is nothing like what happened at Netscape which was a common or
>garden cock up. It was simply the result of miscommunication between
>two groups of people being the original and new security team. Taher
>et al thought that the random number seed was OK because they discovered
>a design document describing it. Unfortunately the code had not been
>written to implement that design.
>
> Phill

Thanks for the deeper insight. Sure it was probably a mistake. But someone
made the decision to write code that didn't conform to that design document.
That person was probably saying, "Random number generator. Cool. I can use
the standard C library." or whatever. But that person could have been saying,
"Hey, if I slip this in then I'll be able to snag the session
keys with impunity."

We'll never know for sure.

-Peter