WebApp Sec mailing list archives
Re: Fwd: Hash for data in transit
From: Robert Hajime Lanning <robert.lanning () gmail com>
Date: Tue, 27 Jul 2010 23:24:43 -0700
You can hash the form data, then encrypt the hash with a shared transaction key given to the user via a CAPTCHA type of method. Basically you sign the form data using a CAPTCHA phrase as the random shared per transaction key.

Just make sure the whole transaction uses SSL/TLS of appropriate strength. That would prove against tampering in transit, twice over. Once via the SSL/TLS and second via the internal signing.

On Tue, Jul 27, 2010 at 7:42 AM, <richardhigh () imgva com> wrote:
> Saleh,
>
> Thanks for the feedback. Our team is still trying different things to comply with this security requirement. Trying to find a solution to verify the integrity without opening more vulnerabilities with the solution. Any additional suggestions are welcomed.
>
> Thanks.
--
And, did Galoka think the Ulus were too ugly to save?
                                         -Centauri
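The signing step described in the message above, as an added example that is not part of the original post. It uses HMAC-SHA256 as the keyed hash in place of the "hash, then encrypt the hash" construction; the function names, the JSON canonical encoding, the in-memory key store and the sample phrase are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Hypothetical in-memory store: transaction id -> phrase shown to the user.
_pending = {}


def issue_transaction(txn_id: str, phrase: str) -> None:
    """Server: remember the per-transaction phrase delivered out of band."""
    _pending[txn_id] = phrase.encode("utf-8")


def canonical(form: dict) -> bytes:
    """Deterministic encoding so client and server hash identical bytes,
    regardless of field order or delimiter characters inside values."""
    return json.dumps(form, sort_keys=True, separators=(",", ":")).encode("ascii")


def sign_form(form: dict, phrase: str) -> str:
    """Client: keyed hash of the form data under the transaction phrase."""
    return hmac.new(phrase.encode("utf-8"), canonical(form), hashlib.sha256).hexdigest()


def verify_form(txn_id: str, form: dict, tag: str) -> bool:
    """Server: recompute the tag and compare in constant time.
    The key is consumed on first use, so a captured submission cannot be replayed."""
    key = _pending.pop(txn_id, None)
    if key is None:
        return False
    expected = hmac.new(key, canonical(form), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode("ascii"), tag.encode("utf-8"))


if __name__ == "__main__":
    phrase = "blue-harbor-42"                     # constructed sample phrase
    form = {"amount": "100.00", "to": "ACME"}     # constructed sample form
    issue_transaction("t1", phrase)
    tag = sign_form(form, phrase)
    print("first submit :", verify_form("t1", form, tag))
    print("replay       :", verify_form("t1", form, tag))
    issue_transaction("t2", phrase)
    form["amount"] = "900.00"                     # field altered after signing
    print("altered field:", verify_form("t2", form, tag))
```

The tag only adds assurance beyond TLS to the extent that the phrase is unpredictable and reaches the user separately from the form submission.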