>I'm suprised someone else hasn't noticed this one.
>
>On the Netscape 1.12 and 2.0 info pages, it talks about how the RNG has
>been much improved. Among other things, it mentions that the truly
>paranoid can add stuff to their environment before starting Netscape, and
>since it uses the environment to help seed the RNG, this will improve
>security.
>
>On SunOS, at least, you can see the complete environment of ANY program
>running on the system... I use: ps -auxgwwwe
>
>Granted, that's not damning in itself, but it doesn't help much...
As I understand it, the environment variable in question is the name of
a file containing "random" data rather than the "random" data itself. So,
as long as no one else has read permission, or the environment variable is
set to an appropriate "/dev/random", this shouldn't help an attacker.
| (Douglas) Hofstadter's Law:
Frank Stuart | It always takes longer than you expect, even
fstuart_at_vetmed.auburn.edu | when you take into account Hofstadter's Law.
Received on Oct 11 1995
Intro
