by javajosh
3820 days ago
I really like this solution, but it is still quite vulnerable to an inside job. To wit, if someone at jotform wanted they could poison the page, and recover the private key (or the data directly). To address that you need process isolation between the storage of the cyphertext and the manipulation and use of cleartext. This eliminates the browser since for all intents and purposes it is not an isolated process. (You could still use the browser, but provide your tools as an extension that would, presumably, be inspected by users when it updated.) That said, your solution takes care of a lot of other threat models, but it doesn't really protect users from you.