| You don't need to control the server. But you can still control access to the content, distributing the password by other channels. A plausible use case for this (... like basically any crypto thing) would be clandestine organizing. Significantly less sophistication required, and much less of a trail left, to put a static site online. Shit, you wouldn't even need to host it as a site: you could drop it somewhere as text, e.g. on a pastebin or in a forum comment, with "save as .html and open" instructions. And you could distribute the encryptor itself the same way. The really great thing about this is that you could do practical human crypto, without Alice or Bob needing any special knowledge or equipment besides a web browser, using arbitrary uncontrolled public infrastructure. ... though if someone knows the password + controls the infrastructure you've used, they could substitute their own content. ... also short password + direct access to ciphertext -> easy brute force. ... also everything here: https://news.ycombinator.com/item?id=14554187 Wouldn't use it for anything state-level or life-or-death.
There are mitigations, but that would increase the difficulty and necessary sophistication for using it.
Actually, this probably falls into the uncanny valley where it seems just accessibly cyberpunk enough to be extremely dangerous to anyone relying on it. But still, really cool IMO. |