[prev in list] [next in list] [prev in thread] [next in thread] 

List:       websecurity
Subject:    Re: [WEB SECURITY] Digital Certificates for Web-based Mobile Apps
From:       Nick Owen <nowen () wikidsystems ! com>
Date:       2008-12-03 22:17:24
Message-ID: 49370574.1090808 () wikidsystems ! com
[Download RAW message or body]

If you intend to limit your deployment to a specific device, you might
be able to use their built-in crypto. But even so, I recommend choosing
a package that is not controlled by the device manufacturers or
carriers.  Bouncy Castle has good java packages.  Ntru is extremely fast
and has both java/j2me and C packages (it is a commercial package).

We do key gen on the device so we went with Ntru. years ago we tested BC
on a java phone and it looked like it would take about 14 hours to do
key gen. Looked like b/c we couldn't get it to finish. Things may have
changed, so test away. The ntru key gen is instantaneous.

nick

Arun Sundaresh wrote:
> Hi All,
>  
> Its really nice to see that there are quite a few folks working on the
> mobile app security too and not just the general web app security.
>  
> Here's another question that I had related to mobile apps. If somebody
> could answer this question for me, that would be of great help!
>  
> How does the digital certificate work for web-based mobile apps?
>  
> Thanks,
> Arun Sundaresh. R

-- 
Nick Owen
WiKID Systems, Inc.
404-962-8983 (desk)
http://www.wikidsystems.com
Commercial/Open-source Two-Factor Authentication

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

[prev in list] [next in list] [prev in thread] [next in thread]