>I'm suprised someone else hasn't noticed this one. > >On the Netscape 1.12 and 2.0 info pages, it talks about how the RNG has >been much improved. Among other things, it mentions that the truly >paranoid can add stuff to their environment before starting Netscape, and >since it uses the environment to help seed the RNG, this will improve >security. > >On SunOS, at least, you can see the complete environment of ANY program >running on the system... I use: ps -auxgwwwe > >Granted, that's not damning in itself, but it doesn't help much... As I understand it, the environment variable in question is the name of a file containing "random" data rather than the "random" data itself. So, as long as no one else has read permission, or the environment variable is set to an appropriate "/dev/random", this shouldn't help an attacker. | (Douglas) Hofstadter's Law: Frank Stuart | It always takes longer than you expect, even fstuart@vetmed.auburn.edu | when you take into account Hofstadter's Law.