Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:22
Bill Frantz (frantz@netcom.com)
Tue, 27 Oct 1998 11:13:14 -0800
At 5:33 AM -0800 10/27/98, Perry E. Metzger wrote:
>Bill Frantz writes:
>> >My suggestion: why re-implement what is already available in the
>> >program? The java applet is allowed to open an https: URL on the
>> >server if it wishes. Have it do so, and download your session keys
>> >that way.
>> >
>> >I've built several systems already that use this trick. 'taint pu'rty,
>> >but it does the job.
>>
>> Perry - How is the HTTPS session key selected.
>
>The randomness for it is derived using whatever method the browser
>normally uses for selecting the thing. It is true that you are
>dependent on the browser, but I suspect it is easier to get good
>randomness in C than in Java. The code for Netscape's RNG is fairly
>public, too.
In an ideal world, it would be the same source. However, I expect that
Netscape/Microsoft hasn't modified the java.security classes to use a
better source of randomness.
-------------------------------------------------------------------------
Bill Frantz | Macintosh: Didn't do every-| Periwinkle -- Consulting
(408)356-8506 | thing right, but did know | 16345 Englewood Ave.
frantz@netcom.com | the century would end. | Los Gatos, CA 95032, USA
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:22