Forgot your password?

Comment: Re: This is why encryption isn't popular (Score 1) 399

by wkk2 (#44530189) Attached to: Ask Slashdot: How Do I Request Someone To Send Me a Public Key?

Also, assumes that the card generates good key pairs and doesn't use some secret process that allows private key recovery from the public key. This has been done by card suppliers in the past.

As a side questions: Does any CA have a process for signing S/MIME certificates that can be generated outside of a browser?

Comment: Re:Too expensive? (Score 1) 229

by wkk2 (#40170733) Attached to: Ask Slashdot: Equipping a Company With Secure Android Phones?

I suspect that no off the shelf product is secure from the network side. The hardware needs to have two independent blocks: a communications module and a application module. The two need to be linked with a well defined API so that the communications module can't change the application code and there is a good point for an audit. There are probably regulatory issues like GPS to emergency services, not being able to hang up an emergency call, etc. You need to be able to load the application code from a secure interface with signed code etc. A smart card slot for application module key material would be a plus. Good luck trying to find one and good luck getting approval to sell one with these features.

Comment: More privacy issues (Score 1) 234

by wkk2 (#38226976) Attached to: Carrier IQ Software May Be in iOS, Too

There appears to be more privacy issues beyond monitoring in the phone. My Smartphone (GT-I9100 v.2.3.4) won't allow access to It also doesn't allow the addition of private certificate authorities or the removal of bad ones. To make matters worse, it won't display the fingerprint of a certificate. So the only option is to accept, on faith, the issuer name displayed. It seems obvious that the handset makers don't care about privacy or potential harm to customers.

"If value corrupts then absolute value corrupts absolutely."