Using Merkle's Puzzles, the key wouldn't need to ever be transmitted
across the network. It, or a seed from which the key could be
formulated, would be contained within one of the puzzles which would
be randomly solved by the client, after which some sort of a
sentinel/signature message could
On Thursday 29 May 2008, kaleb_pederson wrote:
> b) figure out the AES encryption key (possibly generated
> dynamically)
I motivated attacked could probably intercept the key as it was sent, so you'd
want something like those SecureID tokens where both the server and client
come up with the same
If the code compiled with SWFEncrypt is truly not compilable or you
consider that code secure, then it wouldn't take too much effort to
make this reasonably secure... I'll offer a suggestion that doesn't
really rely on it below.
Create a wrapper SWF which creates an AES tunnel to the server. A
About the client side (swf file), you could always try to encrypt the swf file
with "SWF Encrypt"... people won't be able to decompile and use it as their
own. Actually it will decompile but without any usable and/or compilable code.
Of course this does not solve the network sniffer problem,
4 matches
Mail list logo
