From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 29 Sep 1996 03:30:43 +0800
To: Cypherpunks@toad.com
Subject: Re: Mousepad RNG's?
In-Reply-To: <199609281551.IAA03203@dns2.noc.best.net>
Message-ID: <v03007800ae731f9c57fd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:13 PM -0700 9/27/96, James A. Donald wrote:

>Some time ago, at a cypherpunks conference, people were making
>all sorts of ridiculous proposals for being really, really,
>really, sure that you had real entropy, and a prominent
>cypherpunk, possibly Tim May, said, "This is ridiculous:
>Nobody ever broke good crypto through weakness in the
>source of truly random numbers".  Sometime after that
>Netscape was broken through weakness in the source of
>truly random numbers.

This somewhat misrepresents what I said, back at that Cypherpunks meeting
in 1993-4.

The Netscape "random number generator" that was the basis of the Goldberg
and Wagner attack was not even remotely a _physical_ random number
generator, as it relied on various Unix clock readings and not on any
physical sources of entropy (such as mouse tracks, Johnson noise,
radioactivity, etc.). It was a classic case of living in a state of sin.

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."