Hi guys,
Sorry for being mute, I had to work on other stuff. To answer the questions:
our current setup uses an NSAPI plugin to handle all the authentication stuff.
PIN (as you have guessed) is only used to "open up" the chipcard, all the
cryptography magic happens inside the card's chip.
We
Hi,
We are working for a bank that implements a plugin for signing login and
transactions in an e-banking solution. This is a key part of the application,
it supports the three major browsers (FF and IE through npapi, Chrome through
native messaging). When we investigated the problem
On Mon, Oct 12, 2015 at 4:22 AM, Gijs Kruitbosch
wrote:
> Are you effectively saying that you use crypto for signing financial
> transactions, and the PIN is used for authenticating the user but not
> involved in the actual signature/crypto algorithm? Therefore, if a
Are you effectively saying that you use crypto for signing financial
transactions, and the PIN is used for authenticating the user but not
involved in the actual signature/crypto algorithm? Therefore, if a user
finds a way to invoke the same crypto without providing the PIN, they
can effect
On Mon, Oct 12, 2015 at 5:01 AM, Gijs Kruitbosch
wrote:
> On 12/10/2015 12:34, Eric Rescorla wrote:
>
>> On Mon, Oct 12, 2015 at 4:22 AM, Gijs Kruitbosch <
>> gijskruitbo...@gmail.com>
>> wrote:
>>
>> Are you effectively saying that you use crypto for signing financial
5 matches
Mail list logo