On Mon, Oct 12, 2015 at 4:22 AM, Gijs Kruitbosch <gijskruitbo...@gmail.com> wrote:
> Are you effectively saying that you use crypto for signing financial > transactions, and the PIN is used for authenticating the user but not > involved in the actual signature/crypto algorithm? Therefore, if a user > finds a way to invoke the same crypto without providing the PIN, they can > effect financial transactions without being authenticated? > > Because tbh that sounds like a serious malware threat vector that you > should fix in some way where it is theoretically impossible (rather than > just practically difficult because of smoke and mirrors with native/NPAPI > code) for the system to issue a signature without the PIN. > > IOW, fix your crypto, and all the other problems will go away as a > consequence. This (or at least something with a similar UX) is a totally standard design: the cryptographic keys are embedded in a hardware token and a local PIN Is used to obtain access to the token for the purpose of performing cryptographic operations with those keys. The token enforces the PIN check. Note that the purpose of the PIN isn't to protect against malware but rather to protect against loss/theft of the token. -Ekr > > ~ Gijs > > > On 12/10/2015 12:13, harang.pe...@bell.co.hu wrote: > >> Hi, >> >> We are working for a bank that implements a plugin for signing login >> > and transactions in an e-banking solution. This is a key part of the > application, it supports the three major browsers (FF and IE through > npapi, Chrome through native messaging). When we investigated the > problem half-a-year ago, the FF implementation of the Crypto API was not > suitable, since the most important use-case (for each operation, PIN has > to be entered) could not be enforced. > >> >> Therefore, we still use the plugin to do all the stuff necessary for >> > signing transactions, and managing functionalities (PIN change, etc). > >> >> If any of you have some wisdom regarding this matter, please advice, >> > it will be much appreciated. > >> >> Thanks, >> >> Peter >> >> > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
