they use a non-standard encryption algorithm, so what?

Posted Jan 27, 2007 1:30 UTC (Sat) by Los__D (subscriber, #15263)
In reply to: they use a non-standard encryption algorithm, so what? by stevenj
Parent article: The cost of monoculture (Gen Kanai)

AFAIK (I'm no expert though), ActiveX objects are signed, so that you can't spoof them (to the client). Banks would probably use the same technique the other way around, so that they know the object is really theirs. Breaking that would probably be very hard, and legally amount to hacking. In the US at least it would be a DMCA violation; here in Denmark, and most of the EU, we have something similar.

I have no idea what the rules are in South Korea, but I have this feeling, you know ;)


they use a non-standard encryption algorithm, so what?

Posted Jan 27, 2007 3:31 UTC (Sat) by stevenj (guest, #421)

Signing an ActiveX object can only authenticate it to the client, not to the server, since it is not running on the server. The only way the server could use digital signatures to force a specific client binary, as opposed to specific client algorithms, would maybe be to use some sort of "trusted computing" where the client doesn't control their own hardware, and even that is dicey. Think about it.

they use a non-standard encryption algorithm, so what?

Posted Jan 27, 2007 10:10 UTC (Sat) by Los__D (subscriber, #15263)

Hmmmm, maybe you are right, unless there's a way to hide a key inside the ActiveX object, to encrypt the messages to the bank (on top of the SEED).

And they probably don't care THAT much, as long as the server can authenticate the user, then I guess it's all good.
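
The question running through this thread, whether a key hidden inside the client object lets the server tell which binary it is talking to, is shown here as an added Python example that is not part of the original comments. The key, the message format and all function names are constructed for illustration; HMAC-SHA256 stands in for whatever the real client would use.

```python
import hashlib
import hmac
import json

# Constructed demo key: stands in for a secret shipped inside every client copy.
EMBEDDED_KEY = b"constructed-demo-key-shipped-in-client"


def _tag(key: bytes, body: bytes) -> str:
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def official_client_request(user: str, action: str) -> dict:
    """The vendor's client: serialise the request, tag it with the embedded key."""
    body = json.dumps({"user": user, "action": action}, sort_keys=True).encode()
    return {"body": body, "tag": _tag(EMBEDDED_KEY, body)}


def independent_client_request(user: str, action: str, key: bytes) -> dict:
    """A separate implementation of the same wire format, holding the same key."""
    fields = {"action": action, "user": user}
    body = json.dumps(fields, sort_keys=True).encode()
    return {"body": body, "tag": _tag(key, body)}


def server_accepts(request: dict) -> bool:
    """All the server can verify: the tag was computed with the expected key."""
    return hmac.compare_digest(_tag(EMBEDDED_KEY, request["body"]), request["tag"])


if __name__ == "__main__":
    a = official_client_request("alice", "balance")
    b = independent_client_request("alice", "balance", EMBEDDED_KEY)
    # Byte-for-byte identical on the wire, so the server has nothing to tell them apart.
    print("identical on the wire:", a == b)
    print("server accepts both:", server_accepts(a), server_accepts(b))
    # The tag still protects integrity: a modified body is rejected.
    tampered = {"body": a["body"].replace(b"balance", b"transfer"), "tag": a["tag"]}
    print("tampered accepted:", server_accepts(tampered))
```

What the server learns from a valid tag is that the sender holds the key and the message was not altered, which is why authenticating the user rather than the client binary is the check that carries weight.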
