It IS a bad idea.
1) The attacker gets access to the server and changes the file on the server to one that writes an HTML/JS page that redirects to https://example.com/malicious.html, with the same interface, and captures your secret password. The attacker then proceeds to access your file with your password.

2) The code calls back home in xhr.open('POST', 'https://zlgpaemmniviswibzuwt.supabase.co/rest/v1/rpc/increme...', true); I don't want YOU to know when I open a file or encrypt a file.

3) The attack surface of the browser is HUGE: there are many sandbox-escape vulns, same-origin bypasses, and zero-day exploits that can be exploited. Take a look at the CVE database for Chromium. Using the browser the way it is proposed is a big mistake.

Finally, the code is not audited and may have cryptographic weaknesses, as pointed out in other comments. The solution you made could be good for a class assignment, or to learn how to use CryptoJS, but from the security standpoint it is a mistake to use it for anything serious. If you are security conscious, you should use VeraCrypt/BitLocker, a simple RAR/ZIP with a password, even a PDF/.docx with a password, or use a secure server with SSL, SFTP?