Without enabling https... How secure is cyclos?

Functionality discussions and feature requests

Moderators: hugo, alexandre, rmvanarkel

Post Reply
maqueen
Posts: 34
Joined: Mon Aug 22, 2005 6:57 am

Without enabling https... How secure is cyclos?

Post by maqueen »

Hello,

This question is posed in two parts. Understanding the possible security risks not using a transaction code in non https enviroment, does the use of a transaction code in the http enviroment ad a layer of security that make it "https" like?
What kind of problems could be possible i.e. in the "mobile" enviroment say like a mobile phone or PDA not using https, but using a transaction code?

Mark

hugovanderzee
Posts: 98
Joined: Wed Apr 06, 2005 9:56 am

Post by hugovanderzee »

https offers a secure tunnel. This means all data is encrypted and you can be sure that the server you are talking to is really the one it says it is.

the transaction password is an extra security on user level. If your login password got somehow stolen the person would still need your transaction password in order to do payments.

An other level of security is the applet login, which prevents malicious key logging software to register your password.

It really depends on the organisation and the kind of network what security to implement. Some business networks use all three levels (this is more or less the level of security used with internet banking).
Lets networks normally do not use any of them, or only https. The applet login and transaction password is developed for banking systems with more serious transactions like barter systems.
Hugo van der Zee
Cyclos development team

Post Reply