[2632] in WWW Security List Archive


Re: ActiveX security hole reported.

daemon@ATHENA.MIT.EDU (Holger Reif)
Thu Aug 15 19:13:29 1996

Date: Thu, 15 Aug 96 23:13:58 +0200
From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif)
To: lyalc@ozemail.com.au
Cc: www-security@ns2.rutgers.edu, garym@softshore.com.au, stephen@iu.net,
        trei@process.com
Errors-To: owner-www-security@ns2.rutgers.edu


> If you do password protect your private key, there is always the (relatively) 
> reliable dictionary attack.

Depends on how sophisticated the app is (whether you _can_ choose a passphrase
rather than a password) and on how sophisticated the user is (whether he _will_
choose a passphrase rather than a password).

You can make a dictionary attack practically impossible.

> Another instance where digital signatures (which depend upon the private key) 
> not being worth the paper they 
> are printed on, IMHO.

No, it's not a prob with the scheme itself (digital signature) rather than
with the implementation (storing private keys in the file system). Maybe
you can find a notice regarding this in Anderson's "Why cryptosystems fail" :-)


read you later  -  Holger Reif
----------------------------------------  Signature Project German Unity
TU Ilmenau - Informatik - Telematik               (A damn long time ago)
Holger.Reif@PrakInf.TU-Ilmenau.DE         To grow as old as a tree, to be
http://Remus.PrakInf.TU-Ilmenau.DE/Reif/  able to cross all 7 bridges

