On 2012-12-28 11:00, Jeffrey Walton wrote: > On Fri, Dec 28, 2012 at 4:53 AM, Anders Rundgren > <[email protected]> wrote: >> On 2012-12-28 10:36, Jeffrey Walton wrote: >> >> Too many things, my brain works best with one thing at a time :-) >> >>>> MSFT and RIM have absolutely nothing for on-line banking. >>> For whom? The consumer or the enterprise? >>> >>> For the consumer, its generally low-value data and banking apps are >>> fine (some risk is accepted). >> >> If we keep stick to the (original) subject line my primary concern is > Hard to tell - you were all over the place ;) > >> that the most popular mobile platform doesn't offer a useful facility >> for provisioning keys for third party applications like on-line banking. > OK. What kind of keys for whom? Online banking users? Executives and > management?
The 500M+ users of consumer on-line banking. > > Perhaps you'd like to use GnuPG? ElGamal FTW? GnuPG uses Lim-Lee > primes, and the keys cannot be validated in practice (you need the > uniques factorization). That means you can't apply your secret to > their public key, and you can't trust their signatures from their > private key. > >> "Useful" in this space means not only that it is "secure" but also that >> it also offers a reasonable functionality. <keygen> was great...1996. > You can specify key size, which determines security levels. 3072 bit > RSA or 256-bit curves (give or take) provide all the security folks > like you, me, and most banking customers need. Or at least for me and > most banking customers. I have no problem with the cryptography in Android. The problem (as *I* see it NB) is that "apps" cannot use it without effectively duplicating <keygen>/"KeyChain" which seems like a pretty bad idea. Anders > > Jeff > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
