by eli 4664 days ago
This idea (encryption in JavaScript in a regular web browser) comes up very often on HN. It's not a good idea. Since I have no way to trust/verify that the encryption code itself has not been tampered with (beyond HTTPS), it is only as secure as HTTPS.

You've added a fair bit of complexity for no specific benefit; likely a net loss in terms of security.

1 comments

What about:

1) Comparing hash of the js files loaded externally.

or

2) Keeping hash authenticated JavaScript files from local disk?

1) Compare the hash to what exactly?

2) Then why not just store the files themselves to local disk? They can't be updated anyway. Or, indeed, just install GPG.