So assuming this is a long-term client, who periodically logs in with a
password, you could initially use SSL on his first sign-up to pass him his
private key. Where could you store this key between sessions? Ideally this
would all have to be automatic, with no additional work or bother for the
user.
Brian
>
> If you use an applet for this purpose, our hypothetical cracker can read the
> bytecodes as they are downloaded, right?  So it is possible to decompile the
> applet and understand what algorithm you try to use, and we're back where we
> started -- vulnerable.
>
> This is why encryption-based protocols like SSL exist; to minimize the
> possibility that you can be hacked, even in an environment where the bad guy
> can listen to the bytes going by.
>
> Craig