Re: Java key hiding stealth method.

Chris Wedgwood (chris@cybernet.co.nz)
Thu, 18 Jun 1998 10:57:03 +1200

• Next message: Chris Wedgwood: "Re: Locking physical memory (RAM) under Windows"
• Previous message: Jim Adler: "Re: Locking physical memory (RAM) under Windows"
• Maybe in reply to: Simon R Knight: "Locking physical memory (RAM) under Windows"

On Wed, Jun 17, 1998 at 01:01:45PM +0100, Victor Emanuel Luz wrote:

> Even devius stealth methods are quite simple do declassify the applet
> and gain access to the secret key or function to generate key see
> http://www.awesome.com/declass.html (it's free!) for details.

Don't use hard coded keys - ever.

Generate a session key and store this encrypted with RSA (assuming you only
want the applet to encrypt data and the server is secure). If the key is
only necessary for peer <-> peer communication, then you could use DH
although its could be hard to prevent MITM (which is trivial if someone can
get to the network physically, so it depends on you actual security
requirements).

-cw

• Next message: Chris Wedgwood: "Re: Locking physical memory (RAM) under Windows"
• Previous message: Jim Adler: "Re: Locking physical memory (RAM) under Windows"
• Maybe in reply to: Simon R Knight: "Locking physical memory (RAM) under Windows"