|
|
|
|
|
|
by kevin_nisbet
2714 days ago
|
|
|
As others have pointed out, this doesn't really work, for a couple factors such as the lack of direct TCP connections from the browser, and that the ssh client is for node. But I also wanted to remind everyone, that even with a javascript implementation that works, you're still trusting the server to give you the correct javascript when the site is loaded. In my mind, this doesn't make moving the crypto any more secure, since to attack you, I can just modify the javascript client on next page load to include a back door. So either way, ShellVault has complete access to your server, because they control the implementation that runs in the browser. |
|
|