Are you effectively saying that you use crypto for signing financial transactions, and the PIN is used for authenticating the user but not involved in the actual signature/crypto algorithm? Therefore, if a user finds a way to invoke the same crypto without providing the PIN, they can effect financial transactions without being authenticated?

Because tbh that sounds like a serious malware threat vector that you should fix in some way where it is theoretically impossible (rather than just practically difficult because of smoke and mirrors with native/NPAPI code) for the system to issue a signature without the PIN.

IOW, fix your crypto, and all the other problems will go away as a consequence.

~ Gijs

On 12/10/2015 12:13, harang.pe...@bell.co.hu wrote:
Hi,

We are working for a bank that implements a plugin for signing login
and transactions in an e-banking solution. This is a key part of the
application, it supports the three major browsers (FF and IE through
npapi, Chrome through native messaging). When we investigated the
problem half-a-year ago, the FF implementation of the Crypto API was not
suitable, since the most important use-case (for each operation, PIN has
to be entered) could not be enforced.

Therefore, we still use the plugin to do all the stuff necessary for
signing transactions, and managing functionalities (PIN change, etc).

If any of you have some wisdom regarding this matter, please advise,
it will be much appreciated.

Thanks,

Peter


_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
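
The reply at the top of this thread distinguishes a PIN that is only compared before signing from a PIN without which the signing key cannot be recovered. The sketch below shows both designs; it is an added example, not part of the original messages and not the bank's plugin code. HMAC-SHA256 stands in for the real signature algorithm, a PBKDF2-derived mask plus MAC stands in for a proper AEAD key wrap, and every name and value is hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for the example


def derive(pin: str, salt: bytes) -> bytes:
    # 64 bytes: the first 32 mask the signing key, the last 32 authenticate the blob.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS, dklen=64)


def wrap_key(signing_key: bytes, pin: str) -> dict:
    """Bound design: the signing key is stored only in PIN-wrapped form."""
    if len(signing_key) != 32:
        raise ValueError("example expects a 32-byte key")
    salt = os.urandom(16)
    k = derive(pin, salt)
    ct = bytes(a ^ b for a, b in zip(signing_key, k[:32]))
    tag = hmac.new(k[32:], salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def sign_gated(store: dict, pin: str, msg: bytes) -> bytes:
    """Gated design: the PIN is compared, but the key sits in the store in
    usable form, so any code path that skips this check can still sign."""
    if not hmac.compare_digest(pin.encode(), store["pin"].encode()):
        raise PermissionError("bad PIN")
    return hmac.new(store["key"], msg, hashlib.sha256).digest()


def sign_bound(blob: dict, pin: str, msg: bytes) -> bytes:
    """Bound design: the key is recovered from the PIN on every operation,
    so there is no PIN-less path to a signature."""
    k = derive(pin, blob["salt"])
    expected = hmac.new(k[32:], blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise PermissionError("bad PIN")
    key = bytes(a ^ b for a, b in zip(blob["ct"], k[:32]))
    return hmac.new(key, msg, hashlib.sha256).digest()


if __name__ == "__main__":
    key = os.urandom(32)                      # constructed signing key
    msg = b"constructed transaction record"   # constructed message
    blob = wrap_key(key, "4821")              # constructed PIN
    print(sign_bound(blob, "4821", msg).hex())
```

A short PIN can still be guessed offline by anyone who copies a software-held wrapped key, which is why hardware tokens perform the unwrap on the device and enforce a retry counter.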