1996-04-22 - Re: Add-in encryption module to Netscape

Header Data

From: frantz@netcom.com (Bill Frantz)
To: Bill Stewart <cypherpunks@toad.com
Message Hash: ec20c381714334f9a3b2d37ec5a00b3443fa51be06b77fde22dfec275b32d3ab
Message ID: <199604220748.AAA17997@netcom9.netcom.com>
Reply To: N/A
UTC Datetime: 1996-04-22 10:32:58 UTC
Raw Date: Mon, 22 Apr 1996 18:32:58 +0800

Raw message

From: frantz@netcom.com (Bill Frantz)
Date: Mon, 22 Apr 1996 18:32:58 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Add-in encryption module to Netscape
Message-ID: <199604220748.AAA17997@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:04 PM 4/21/96 -0700, Bill Stewart wrote:
>At 09:55 PM 4/20/96 -0700, frantz@netcom.com (Bill Frantz) wrote:
>>I have thought about the sources of entropy available to a Java applet, and
>>there aren't many.  You should design your protocol so entropy is not
>>needed on the applet side.  Entropy is normally used to pick symmetric
>>encryption keys, and Initialization vectors
>
>If your applet wants to set up a Diffie-Hellman connection, it'll need
>a random number to set its half-key; a scribble window may be good enough.

Indeed, Bill Stewart (and someone else whose name I forget) are right.  I
had it in the back of my head that you don't want to harass the user.  If
you are willing, as in PGP, to ask the user to enter some entropy, then
there you can get some sources of randomness which may be good enough. 
However, do be conservative.  After being conservative, gather 10 times as
much as you thought you needed.  The models of entropy in scribbling are
none too good.


Regards - Bill



------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA







Thread