Hacker News new | ask | show | jobs
by tptacek 883 days ago
Right, so you might as well just skip the public key cryptography, which isn't doing anything in your design. Instead, just rely on TLS, and give each piece of content a UUID. Then you can just promise not to read it, the same way you're promising not to steal keys.
1 comments
jackson1442 883 days ago
You can look at the code in your browser's debugger. It's not minified, and is actually quite simple. You can also watch the network inspector to see that it's not sending data back to the server.
link
tptacek 883 days ago
Performing a cryptographic penetration test every time you (or, behind your back, your browser) loads a page is a problematic strategy for deploying cryptography on the Internet.

I think the previous comment came across as snark, but it's not snarking; it's a genuine suggestion. The thing they're trying to build can work, and find users, without the performative cryptography.

link
quesera 883 days ago
Agreed on continuous code audit issue! This is the non-resolvable problem with browser-based services.

But I think the cryptography is not entirely performative, and your suggestion of a UUID KVS is not the same model.

In Retriever's model, as I understand it, Alice generates the keypair which Bob will use to send data to Alice. Alice sends the pubkey to Bob (via URL) and Bob encrypts and submits. Bob then sends a new URL to Alice to decrypt and read. (Not sure why this second URL exchange is necessary, unless it contains the encrypted data?).

Only the original receiver (and Retriever/page host) can decrypt the data. Neither of the URLs are secrets, although possession of the first URL would allow an attacker to encrypt arbitrary messages for Bob, and maybe that's why Bob waits for Alice to send the second URL.

That said, it's a fun experiment but too awkward for anything but ad hoc secret sharing between strangers with no better comms channels. Which is not something I do.

link
tptacek 883 days ago
I'm not sure I follow. What is the degree of assurance the cryptographic version of this web page can provide that a UUID and a database can't? Remember, the web page can itself surreptitiously decrypt anything Alice or Bob encrypt or decrypt.
link
quesera 883 days ago
Zero, unless you host it yourself.

Agreed, not practical but a bit more involved (both simpler and more complicated) than a UUID KVS.

link
UncleMeat 882 days ago
Right but that works just as well to determine that some js that just uses ordinary network-layer security to send some data doesn't steal anything.
link