|
| If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|||||||
|
|
Thread Tools | Display Modes |
|
#23
December 11th 11, 09:59 PM
posted to rec.aviation.soaring
|
|||
|
|||
OLC and Cambridge 10/20/25 support ending
On Dec 11, 10:54*am, Max Kellermann wrote:
Westbender wrote: I have put together a secure solution in the form of a windows app and associated validation DLL. Is there a chance you're going to release the source code of that DLL under a free software license? (If you think this would harm security, then it's not secure, just snake oil.) Max I haven't gotten that far yet. I don't think there's any reason why the source code can't be released, although I don't know why that would be important. All the DLL does is run the hashing algorithm and decrypt the signature using the public key so they can be compared. There isn't much to it. Really, the only thing that needs to be secure is the private key that's used to create the digital signature in the converter program. The private key is not in any way part of the validation DLL. By the way, in case you're wondering, this software uses 1024 bit DSA asymmetric encryption/decryption keys. The hashing algorithm is my own and uses SHA1. In my opinion, the most important thing is managing the private/public key pairs and keeping them in sync. This software has to be stable so that there is as little chance as possible for problems. If this were to come to fruition, the slightest problem resulting in technical support inquiries created by people monkeying around with open source code will possibly cause the OLC to want to drop support again. Remember this is for legacy CAI loggers only. There will be no need for future development since the design and versions of those loggers are static. Once this software matures, there will be very little need for updates. There will have to be some controlling authority to manage and release new key pairs if the need for them (unlikely crack) ever arose. Although I can't imagine that anyone would want to spend the effort to crack a digital signature of this complexity on flight logs for the OLC. I agree with most people that we should not have to go through this crap. However since this is what it's going to take to keep these loggers alive on the OLC, then I'm willing to give this a try. 
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| NK Now Offering Support for Legacy Cambridge Products | Paul Remde | Soaring | 1 | July 16th 08 11:12 PM |
| Bushite soldiers beat to death innocent Children to 'let offsteam' - Support Our Demands For Open Communications - Unraveling the Mystery- you can not find a single soldier on Earth to publicly support GeorgeW Bush without immediately being re | Tiger | Naval Aviation | 0 | April 10th 08 02:20 AM |
| OLC-Posting flights ending after 2400UT | Go | Soaring | 1 | April 2nd 06 01:32 PM |
| Yokota airmen deployment ending | Otis Willie | Military Aviation | 0 | September 2nd 04 10:45 PM |
| Cambridge 302/Cambridge 3UTIQ255 utility/ WinPilot/iPAQ 4155 | Nathan Whelchel | Soaring | 4 | July 6th 04 12:22 AM |
Threaded Mode