On 11/01/2013 10:01 PM, bitcoingr...@gmx.com wrote: > Server provides a token for the client to sign.
Anyone else concerned about signing an arbitrary string? Could be a hash of $EVIL_DOCUMENT, no? I'd want to XOR the string with my own randomly generated nonce, sign that, then pass the nonce and the signature back to the server for verification. -- Johnathan Corgan, Corgan Labs SDR Training and Development Services http://corganlabs.com
<<attachment: johnathan.vcf>>
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
