Chris Wedgwood (chris@cybernet.co.nz)
Thu, 18 Jun 1998 10:57:03 +1200
On Wed, Jun 17, 1998 at 01:01:45PM +0100, Victor Emanuel Luz wrote:
> Even devious stealth methods are quite simple to declassify the applet
> and gain access to the secret key or function to generate key; see
> http://www.awesome.com/declass.html (it's free!) for details.
Don't use hard coded keys - ever.
Generate a session key and store this encrypted with RSA (assuming you only
want the applet to encrypt data and the server is secure). If the key is
only necessary for peer <-> peer communication, then you could use DH
although it could be hard to prevent MITM (which is trivial if someone can
get to the network physically, so it depends on your actual security
requirements).
-cw
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:18:38 ADT
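
The session-key approach described in the message above, as an added example in Java (not code from the original post or its author). It assumes RSA-OAEP for wrapping and AES-GCM for the data, neither of which is named in the message; the class and method names are hypothetical, and the server key pair is generated inline only so the demo runs stand-alone.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SessionKeyDemo {
    // Assumed wrapping transformation; the message only says "RSA".
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Client side: only the server's PUBLIC key ships with the client, so
    // decompiling the client yields nothing that decrypts captured traffic.
    static byte[][] clientEncrypt(PublicKey serverPub, byte[] plaintext)
            throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();   // fresh per session, never hard-coded

        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.WRAP_MODE, serverPub);
        byte[] wrappedKey = rsa.wrap(session);  // session key encrypted with RSA

        byte[] iv = new byte[12];               // random 96-bit nonce for GCM
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(128, iv));
        return new byte[][] { wrappedKey, iv, aes.doFinal(plaintext) };
    }

    // Server side: the private key never leaves the (assumed secure) server.
    static byte[] serverDecrypt(PrivateKey serverPriv, byte[][] msg)
            throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.UNWRAP_MODE, serverPriv);
        SecretKey session = (SecretKey) rsa.unwrap(msg[0], "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, session, new GCMParameterSpec(128, msg[1]));
        return aes.doFinal(msg[2]);             // throws if the ciphertext was altered
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair(); // constructed for the demo only
        byte[] data = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        byte[][] msg = clientEncrypt(server.getPublic(), data);
        byte[] back = serverDecrypt(server.getPrivate(), msg);
        System.out.println("round trip ok: " + Arrays.equals(data, back));
    }
}
```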