|
|
|
|
|
|
by anbardoi
794 days ago
|
|
|
I appreciate the resources, I read each of them. The file is essentially no different from a password, but the major difference here is that I would not store the file on my server, nor the decryption keys. Only the sha256 checksum of the file. An attacker can do very little with a checksum associated with user data. I know this is a novel approach, but thats why I'm trying this on a project that is hardly sensitive as an anonymous blogging platform. If there are vulnerabilities, the data gained by an attacker would not even be very valuable. |
|
|