by joethei
1281 days ago
We did not implement the crypto part ourselves.
We use the SubtleCrypto Web API implementation and a library called scrypt (this one: https://github.com/ricmoo/scrypt-js). We also had someone from the EteSync/EteBase project take a look at the code before Obsidian Sync was released.

> Warning: This API provides a number of low-level cryptographic primitives. It's very easy to misuse them, and the pitfalls involved can be very subtle. Even assuming you use the basic cryptographic functions correctly, secure key management and overall security system design are extremely hard to get right, and are generally the domain of specialist security experts.
Errors in security system design and implementation can make the security of the system completely ineffective.
Given the potential volume of people's personal data that might be stored, this is certainly an area you would want to get right.