|
|
|
|
|
|
by smartera
3909 days ago
|
|
|
This is all nice; and as hinkley pointed, Stanford already proposed a better protocol. The primary issue in my opinion is how to trust the JavaScript arriving from the server that it does what it's supposed to do. In my humble opinion; we need to use the blockchain to save hashes for trusted and open-audited JavaScript files to be confirmed by the user. This, however, needs to be done at the browser level to avoid an endless trust loop with JavaScript/browser extensions. blockstrap.com has figured out how to put file hashes on the chain; so technically it shouldn't be a major challenge to do the first part. The browser part is where it gets tricky! |
|
|
This is an orthogonal problem. Something like CBCrypt would solve a real problem we have right now, which is most service providers don't secure their password database correctly.
If a service provider gets hacked to the point that they their javascript is malicious, all your content on that service is probably already pwned.