http://almaer.com/blog/gears-future-apis-crypto-api blogging about life, the universe, and everything tech Sat, 08 Sep 2012 07:06:53 -0700 http://wordpress.org/?v=2.8.4 hourly 1 http://almaer.com/blog/gears-future-apis-crypto-api/comment-page-1#comment-39165 replicahandbags Sat, 05 Jul 2008 07:05:16 +0000 http://almaer.com/blog/gears-future-apis-crypto-api#comment-39165 thanks for your share. thanks for your share.

]]> http://almaer.com/blog/gears-future-apis-crypto-api/comment-page-1#comment-37716 richard Thu, 10 Jan 2008 23:20:06 +0000 http://almaer.com/blog/gears-future-apis-crypto-api#comment-37716 Clearly, data on a local machine is a bad thing. However, I would add that to some extend even in their encrypted forms, unfortunately...In fact as long as the cryptographic operations are processed within the memory of a non-trustworthy device (i.e: the device your using to read this post), there's plenty of room for desktop attacks. Ideally the API should rely on portable tamper-proof devices (like smartcards) and also provide authentication and repudiation functionalities. How does that fit into Gears and Ajax ? I don't have the answer. My 2cents would be that the API should at least leverage industry-proven technologies otherwise it would take only few weeks for hackers to blow it away. Clearly, data on a local machine is a bad thing. However, I would add that to some extend even in their encrypted forms, unfortunately…In fact as long as the cryptographic operations are processed within the memory of a non-trustworthy device (i.e: the device your using to read this post), there’s plenty of room for desktop attacks. Ideally the API should rely on portable tamper-proof devices (like smartcards) and also provide authentication and repudiation functionalities. How does that fit into Gears and Ajax ? I don’t have the answer. My 2cents would be that the API should at least leverage industry-proven technologies otherwise it would take only few weeks for hackers to blow it away.

]]>