Re: ActiveX security hole reported.

• To: lyalc@ozemail.com.au
• Subject: Re: ActiveX security hole reported.
• From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif)
• Date: Thu, 15 Aug 96 23:13:58 +0200
• Cc: www-security@ns2.rutgers.edu, garym@softshore.com.au, stephen@iu.net, trei@process.com

> If you do password protect your private key, there is always the (relatively) 
> reliable dictionary attack.

Depends on how sophisticated the app is (wether you _can_ choose a passphrase
rather then a password) and on how sophisticated the user is (wether he _will_
choose a passphrase rather then a password).

You can make a dictionary attack practically impossible.

> Another instance where digital signatures (which depend upon the private key) 
> not being worth the paper they 
> are printed on, IMHO.

No, it's not a prob with the scheme itself (digital signature) rather then
with the implementation (storing private keys in the file system). may be
you can find a notice regarding this in Andersons "Why cryptosystems fail" :-)


read you later  -  Holger Reif
----------------------------------------  Signaturprojekt Deutsche Einheit
TU Ilmenau - Informatik - Telematik                      (Verdamp lang her)
Holger.Reif@PrakInf.TU-Ilmenau.DE         Alt wie ein Baum werden, um ueber
http://Remus.PrakInf.TU-Ilmenau.DE/Reif/  alle 7 Bruecken gehen zu koennen

• Previous: Re: ActiveX security hole reported.
• Next: Re: How to get OFF this list
• Index(es):
  • Index
  • Thread