Dailydave mailing list archives
entropicdata.com ?
From: Dave Aitel <dave () kof immunityinc com>
Date: Tue, 19 May 2009 19:44:15 -0400
Lots of people are doing things in web services (AJAX, etc) that require real crypto. So they implement RSA/twofish/etc in Javascript and run that in the browser. But this requires a way to generate a key which requires some entropy. There's no "feed of random numbers" that I know of on the web that you can use to seed your crypto, probably because of cross site restrictions. But it seems like either google gears, HTML5, or one of the other new extensions should offer it as a built-in API. Likewise if they allowed you to get data from other sites (which the new Firefox does sometimes?) then you could set up a web service for people to use to get their entropic data from (over SSL of course :>). What else are people using for this? It seems to be a bit of a theme here at SyScan (re: David Thiel's RIA presentation). Is there an API in Silverlight/Flash/etc that lets you get entropy and then give it back to the browser context? -dave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- entropicdata.com ? Dave Aitel (May 19)
- Re: entropicdata.com ? kowsik (May 20)
- Re: entropicdata.com ? Jon Oberheide (May 20)
- Re: entropicdata.com ? Jim Manico (May 20)
- Re: entropicdata.com ? Michal Zalewski (May 20)
- Re: entropicdata.com ? Arshan Dabirsiaghi (May 20)
- Re: entropicdata.com ? Nate Lawson (May 22)
- Re: entropicdata.com ? Dave Aitel (May 26)
- Re: entropicdata.com ? Nate Lawson (May 27)
- Re: entropicdata.com ? Dave Aitel (May 26)