On Tue, Jun 11, 2002 at 11:45:03AM +1000, andrew lonsdale wrote: > Downloaded Mozilla 1.0 on Friday 7 June and installed. Scanned my PC this > morning, Tuesday 11 June using Pest Patrol and discovered your software > installs what is identified as a keystroke logger. > > On my machine with a standard install, the offending file is at c:\program > files\mozilla.org\Mozilla\components\pipnss.dll
pipnss.dll is a part of Mozilla's cryptographic infrastructure, called NSS. A key part of strong cryptography is the generation of random numbers, and one very common method for gathering "entropy" for the production of such numbers is to track the timing between keystrokes. Please rest assured that your keystrokes are not being logged in any way, and that this interception of keystroke data is in fact being used, in all honesty, to improve the security of your web use. There's a description of some of the issues involved at http://www.random.org/essay.html, but mozilla-crypto readers might have additional tips to offer, so I'm copying them here. Thanks for using Mozilla! Mike
