[Previous] [Next] [Index]
[Thread]
Re: ActiveX security hole reported.
> If you do password protect your private key, there is always the (relatively)
> reliable dictionary attack.
Depends on how sophisticated the app is (wether you _can_ choose a passphrase
rather then a password) and on how sophisticated the user is (wether he _will_
choose a passphrase rather then a password).
You can make a dictionary attack practically impossible.
> Another instance where digital signatures (which depend upon the private key)
> not being worth the paper they
> are printed on, IMHO.
No, it's not a prob with the scheme itself (digital signature) rather then
with the implementation (storing private keys in the file system). may be
you can find a notice regarding this in Andersons "Why cryptosystems fail" :-)
read you later - Holger Reif
---------------------------------------- Signaturprojekt Deutsche Einheit
TU Ilmenau - Informatik - Telematik (Verdamp lang her)
Holger.Reif@PrakInf.TU-Ilmenau.DE Alt wie ein Baum werden, um ueber
http://Remus.PrakInf.TU-Ilmenau.DE/Reif/ alle 7 Bruecken gehen zu koennen