[Dailydave] entropicdata.com ?
Dave Aitel
dave at kof.immunityinc.com
Tue May 19 19:44:15 EDT 2009
Lots of people are doing things in web services (AJAX, etc) that require
real crypto. So they implement RSA/twofish/etc in Javascript and run that in
the browser. But this requires a way to generate a key which requires some
entropy. There's no "feed of random numbers" that I know of on the web that
you can use to seed your crypto, probably because of cross site
restrictions. But it seems like either google gears, HTML5, or one of the
other new extensions should offer it as a built-in API.
Likewise if they allowed you to get data from other sites (which the new
Firefox does sometimes?) then you could set up a web service for people to
use to get their entropic data from (over SSL of course :>).
What else are people using for this? It seems to be a bit of a theme here at
SyScan (re: David Thiel's RIA presentation). Is there an API in
Silverlight/Flash/etc that lets you get entropy and then give it back to the
browser context?
-dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20090519/7b5d654f/attachment.htm
More information about the Dailydave
mailing list