directory-dev mailing list archives

From: Alfred Reibenschuh
Subject: Re: [triplesec/hauskeys] issues
Date: Wed, 25 Jul 2007 20:12:05 GMT

Alex Karasulu wrote:
> Eventually yes but let's see a couple patches to evaluate if you are
> not a
> butcher :).  Does not

i've been called a brute but not a butcher ...

> sound like it - but after a couple patches I should be able to determine
> enough.  So start putting
> these issues you have in JIRA then knocking them off and attaching the
> patch
> to a JIRA issue.
> As advice try to keep the task small and directed so it's easier to
> evaluate
> what you're doing in
> your patch diffs.  Also avoid unnecessary refactoring or formating of code
> that obscures the gist
> of what you're doing in the diff.

ok, i'll sort them out, but this will take a while.

> Great!  I think your security concerns can lead to some positive things for
> the midlet design.
> Would love to have someone that is interested in the midlet involved. 
> There
> are so many
> advances we can work on with the midlet.  Right now it's just minimal and
> generic. 

yet it has potential.

> Also I wanted to put a self destruct setting into the midlet that destroyed
> the credential info in
> the phone or locked up the midlet somehow if the user tried to break in by
> brute forcing the pin.
> Say N consecutive unlock events lead to destroying the secret key and
> counter.  If
> user gets it right
> before N failures consecutively the failure counter clears.  The counter
> should be persisted
> across restarts.

destroying the HOTP-INFO in the jar isn't possible,
but you have already implemented lockup if the pin
is entered a certain number of times.

> I also have some ideas on leveraging bluetooth too but you may not be
> interested in that.

yet this kind of 'featuritis' could be counter-productive.

> Just install IDEA or Eclipse, JDK 1.5.0_xx and check out tsec and start
> working on the code.

ah, eclipse is already my usual poison so no pb.

> If you have issues gimme a ring.

i will.

--
Ever heard that not every linux user is automatically a
programmer who also programs, installs, patches, hacks or ports
everything he needs himself?

Urks?  That's just a legend.....
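
The lock-up rule discussed in this message (N consecutive wrong PINs, counter cleared on success, counter persisted across restarts), as an added example that is not part of the original message or of the Triplesec code. `PinGuard`, `CounterStore` and `MemoryStore` are hypothetical names, the PIN and key are constructed values, and the wipe is assumed to apply only to a key copy held in writable storage, since data packaged in the jar cannot be destroyed.

```java
import java.util.Arrays;
public class PinGuard {
    // Hypothetical persistence hook; on a handset it would wrap writable record storage.
    interface CounterStore { int load(); void save(int failures); }
    // Constructed in-memory store so the example runs on a desktop JVM.
    static class MemoryStore implements CounterStore {
        private int failures;
        public int load() { return failures; }
        public void save(int failures) { this.failures = failures; }
    }

    private final CounterStore store;
    private final int maxFailures;          // the "N" in the message
    private final byte[] pin, secret;       // secret = writable copy of the key material
    PinGuard(CounterStore store, int maxFailures, byte[] pin, byte[] secret) {
        this.store = store; this.maxFailures = maxFailures;
        this.pin = pin.clone(); this.secret = secret.clone();
    }

    // Returns the secret on a correct PIN, null on a wrong PIN or when locked.
    byte[] unlock(byte[] attempt) {
        int failures = store.load();
        if (failures >= maxFailures) return null;   // lock-up survives restarts
        store.save(failures + 1);                   // charge the attempt before checking it
        if (!sameBytes(pin, attempt)) {
            if (failures + 1 >= maxFailures) Arrays.fill(secret, (byte) 0); // wipe the copy
            return null;
        }
        store.save(0);                              // success clears the consecutive count
        return secret.clone();
    }
    // Comparison whose running time does not depend on where the bytes differ.
    static boolean sameBytes(byte[] a, byte[] b) {
        if (a.length != b.length) return false;
        int diff = 0;
        for (int i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void main(String[] args) {
        CounterStore store = new MemoryStore();
        byte[] pin = "4821".getBytes(), key = "constructed-key".getBytes(); // constructed values
        PinGuard guard = new PinGuard(store, 3, pin, key);
        guard.unlock("0000".getBytes());
        System.out.println("correct PIN after 1 failure: " + (guard.unlock(pin) != null));
        for (int i = 0; i < 3; i++) guard.unlock("0000".getBytes());
        PinGuard restarted = new PinGuard(store, 3, pin, key);  // same store, fresh object
        System.out.println("correct PIN after restart:   " + (restarted.unlock(pin) != null));
    }
}
```

Writing the incremented counter before comparing the PIN means that killing the application in the middle of an attempt still costs the attempt.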