by bascule 4894 days ago
Confirm. This system was obviously designed by people who had no idea what they were doing, which is about the last thing you want in a cryptosystem. Failing to authenticate the JS cryptographic code (TLS would've helped here) makes this system effectively worthless and simple to MitM.

A good read on the matter is Matasano's JavaScript Cryptography Considered Harmful: http://www.matasano.com/articles/javascript-cryptography/

2 comments

I wasn't aware of the MITM issues, thank you for letting me know. I'm working on setting up a cert as we speak.
HTTPS is now enabled on the site. Thanks for letting me know.

Just curious, do you see any other red flags in the system?