1996-04-21 - Re: Add-in encryption module to Netscape

Header Data

From: Alex Strasheim <alex@crawfish.suba.com>
To: frantz@netcom.com (Bill Frantz)
Message Hash: 4d5d4376e2b784a4139777baf3acc5f0bafef19b2c161a67e5577367b6ebda7a
Message ID: <199604211638.LAA00274@crawfish.suba.com>
Reply To: <199604210453.VAA01630@netcom9.netcom.com>
UTC Datetime: 1996-04-21 20:02:22 UTC
Raw Date: Mon, 22 Apr 1996 04:02:22 +0800

Raw message

From: Alex Strasheim <alex@crawfish.suba.com>
Date: Mon, 22 Apr 1996 04:02:22 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Add-in encryption module to Netscape
In-Reply-To: <199604210453.VAA01630@netcom9.netcom.com>
Message-ID: <199604211638.LAA00274@crawfish.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> I have thought about the sources of entropy available to a Java applet, and
> there aren't many.  You should design your protocol so entropy is not
> needed on the applet side.  Entropy is normally used to pick symmetric
> encryption keys, and Initialization vectors

This is a reasonable approach if you're just going to send information 
from the applet to the server, which is what we were talking about.  But 
if we want to use java applets for secure two way communications, aren't 
we going to need to find some entropy somewhere?

Is it feasible to make an input package that stores up entropy from
keyboard and mouse events as an applet is used?  Then when entropy is
needed, whatever's available is used.  If there's not enough a scribble
window or text field could pop up and the user could generate the rest. 
(This isn't my idea, I'm inferring it from something Hal wrote.)

And over the long run, what, if anything, could Sun do to let applets have
access to more entropy in Java?  Would it be practical to have an entropy
source in the api, that could be combined with other sources in the 
applet?







Thread