On Feb 20, 2012 1:21 PM, "Michael A. Labriola" <labriola@digitalprimates.net>
wrote:
> I am not going to hold my breath on this, but the way to avoid this would
be to have adobe host a minimal-sized, signed rsl, that contained our
hashes. Then we have the hashes with a level of confidence.
Can't the hashes of all used libraries be compiled into the application?
The problem with hash verification may be a performance of md5
calculations in as3. I recall a performance issues caused by custom RSL
verification in one project.
Cheers,
Iwo
|