Hacker News new | ask | show | jobs
by uncled1023 2820 days ago
So one thing, it mentions that it is JS dependence free. How are you encrypting the files client side then?

If you are encrypting the files server side, then that is NOT E2E encryption.
2 comments
jesseb 2820 days ago
There are JavaScript files in the GitHub repository, so I'm going to assume they mean third-party dependencies, but some more clarification would be nice.

There is a file called cipher.js with encrypt and decrypt functions https://github.com/countable-web/cryptsend/blob/develop/publ...

link
uncled1023 2820 days ago
Yea, and I just noticed it downloading a bunch when visiting the page. So it's probably safe to assume they mean 3rd Party.
link
ech085 2820 days ago
Confirmed. The intent is anyone can audit our whole codebase in one GitHub repo for vulnerabilities and not scripts spread across many CDNS and projects which may change over time.
link
JepZ 2820 days ago
I wonder what JS dependencies FTP has...
link
ech085 2820 days ago
Good catch, thanks! We'll fix that.
link