On Fri, Dec 28, 2012 at 4:53 AM, Anders Rundgren <[email protected]> wrote: > On 2012-12-28 10:36, Jeffrey Walton wrote: > > Too many things, my brain works best with one thing at a time :-) > >>> MSFT and RIM have absolutely nothing for on-line banking. >> For whom? The consumer or the enterprise? >> >> For the consumer, its generally low-value data and banking apps are >> fine (some risk is accepted). > > If we keep stick to the (original) subject line my primary concern is Hard to tell - you were all over the place ;)
> that the most popular mobile platform doesn't offer a useful facility > for provisioning keys for third party applications like on-line banking. OK. What kind of keys for whom? Online banking users? Executives and management? Perhaps you'd like to use GnuPG? ElGamal FTW? GnuPG uses Lim-Lee primes, and the keys cannot be validated in practice (you need the uniques factorization). That means you can't apply your secret to their public key, and you can't trust their signatures from their private key. > "Useful" in this space means not only that it is "secure" but also that > it also offers a reasonable functionality. <keygen> was great...1996. You can specify key size, which determines security levels. 3072 bit RSA or 256-bit curves (give or take) provide all the security folks like you, me, and most banking customers need. Or at least for me and most banking customers. Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
