LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

they use a non-standard encryption algorithm, so what?

they use a non-standard encryption algorithm, so what?

Posted Jan 27, 2007 3:31 UTC (Sat) by stevenj (guest, #421)
In reply to: they use a non-standard encryption algorithm, so what? by Los__D
Parent article: The cost of monoculture (Gen Kanai)

Signing an ActiveX object can only authenticate it to the client, not to the server, since it is not running on the server. The only way the server could use digital signatures to force a specific client binary, as opposed to specific client algorithms, would maybe be to use some sort of "trusted computing" where the client doesn't control their own hardware, and even that is dicey. Think about it.

(Log in to post comments)

they use a non-standard encryption algorithm, so what?

Posted Jan 27, 2007 10:10 UTC (Sat) by Los__D (subscriber, #15263) [Link]

Hmmmm, maybe you are right, unless there's a way to hide a key inside the ActiveX object, to encrypt the messages to the bank (on top of the SEED).

And they probably doesn't care THAT much, as long as the server can authenticate the user, then I guess it's all good.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds