1996-10-02 - Re: Mousepad RNG’s?

Header Data

From: “Philip L. Karlton” <karlton@netscape.com>
To: paul@fatmans.demon.co.uk
Message Hash: 31fed0d05b1b310e9865bb8be82ae6fd2536ed6f9ec671f4a3972e22de0baf8d
Message ID: <325182C3.7184@netscape.com>
Reply To: <844013772.1731.0@fatmans.demon.co.uk>
UTC Datetime: 1996-10-02 01:34:24 UTC
Raw Date: Wed, 2 Oct 1996 09:34:24 +0800

Raw message

From: "Philip L. Karlton" <karlton@netscape.com>
Date: Wed, 2 Oct 1996 09:34:24 +0800
To: paul@fatmans.demon.co.uk
Subject: Re: Mousepad RNG's?
In-Reply-To: <844013772.1731.0@fatmans.demon.co.uk>
Message-ID: <325182C3.7184@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk wrote:
 
> I don't know what PRNG Netscape used in the broken
> version, can anyone tell me what they used, and whether it was the
> PRNG or the seed that was weak?

The problem was with the seed; it was especially vulnerable to attacks
from somebody running on the same machine. Sufficient entropy is now
obtained during initialization and the PRNG is reseeded reasonably often
during execution. For the Navigator, this is every time the user event
loop cycles.

> also I would be interested to know
> what they are using now in terms of the algorithm and seed...

A pointer to the fixed code was posted to cypherpunks last year.

PK
--
Philip L. Karlton			karlton@netscape.com
Principal Curmudgeon			http://www.netscape.com/people/karlton
Netscape Communications Corporation

    Everything should be made as simple as possible, but not simpler.
	-- Albert Einstein
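
An added illustration of the two points in this message (not part of Karlton's post and not Netscape's code): a seed built only from values a user on the same machine can read or bound is recoverable by enumeration, while seeding from OS entropy and mixing input in on every event-loop cycle removes that predictability. The hash construction, the time-and-PID seed inputs and all function names are assumptions made for the example; the message does not say what the original seed contained.

```python
import hashlib
import math
import os
import time


class HashPRNG:
    """Toy hash-based generator (constructed; not Netscape's algorithm)."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(b"init" + seed).digest()

    def reseed(self, data: bytes) -> None:
        # Mix new input into the existing state instead of replacing it.
        self.state = hashlib.sha256(b"mix" + self.state + data).digest()

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.state = hashlib.sha256(b"next" + self.state).digest()
            out += hashlib.sha256(b"out" + self.state).digest()
        return out[:n]


def observable_seed(sec: int, usec: int, pid: int) -> bytes:
    """Seed made only of values another local user can read or bound."""
    return b"%d:%d:%d" % (sec, usec, pid)


def matching_usecs(sample: bytes, sec: int, pid: int, usecs) -> list:
    """Audit: which microsecond guesses reproduce an observed output?"""
    return [u for u in usecs
            if HashPRNG(observable_seed(sec, u, pid)).read(len(sample)) == sample]


def seeded_at_init() -> HashPRNG:
    """Initial seed from the OS entropy source."""
    return HashPRNG(os.urandom(32))


def event_loop_cycle(prng: HashPRNG, event: bytes) -> None:
    """One loop cycle: fold the event and a fine-grained timestamp in."""
    prng.reseed(event + time.perf_counter_ns().to_bytes(8, "big"))


if __name__ == "__main__":
    sec, usec, pid = 812345678, 123456, 4242  # constructed sample values
    sample = HashPRNG(observable_seed(sec, usec, pid)).read(16)
    window = range(usec - 500, usec + 500)
    print("unknown bits in weak seed:", round(math.log2(1_000_000), 1))
    print("guesses that match:", matching_usecs(sample, sec, pid, window))
```

With the second and PID known, only the microsecond field is unknown, about 20 bits, which is why the audit helper finds the seed from a single output sample.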




