[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: verisign digital id's for outlook <shudder>

To: [email protected], [email protected]
Subject: Re: verisign digital id's for outlook <shudder>
From: [email protected] (Peter Gutmann)
Date: Sun, 8 Nov 1998 23:54:53 (NZDT)
Reply-To: [email protected]
Sender: [email protected]


>A quick question for all you security-savvy people.  Our IT instructor has
>asked the class to sign up for verisigns' 60-day trial of a class 1 digital
>id.
>
>I also understand that a well (poorly?) written activeX applet can grab my
>key basically without my knowledge (to speak nothing of the other myriad
>holes in win98/95)
>
>My question is, where the hell is the private key kept on the users box?
>How is it protected against attack?
 
It's protected by Microsoft asserting that it's protected.  There's also some
sort of attempt at encryption (easily broken, see
http://www.cs.auckland.ac.nz/~pgut001/breakms.txt), but in any case there are
enough security holes there that anything which manages to run on your system
(ActiveX, as you've mentioned) can grab your keys without a lot of trouble.
 
Peter.

Prev by Date: Re: IP: [FP] L.A. DMV Tries to Stem the Tide of Fake Licenses
Next by Date: Re: Response to Anonymous re: Zero-Knowledge Freedom
Prev by thread: verisign digital id's for outlook <shudder>
Next by thread: securities - PRIVATE PLACEMENT WSG TECH, INC.
Index(es):
- Date
- Thread