|
|
|
|
|
|
by cynwoody
4412 days ago
|
|
|
The problem with browser crypto is that code is downloaded from the server ... nothing to install, so convenient. Right? The danger is that you are back to trusting the server. If they are compromised, you could get served special crypto code that uploads your private pass phrase the next time you log in. The crypto code needs to come from a trusted third party, and the protocol with the server must be dead simple and strictly arms-length, with no logic of any sort downloaded from the server. More like FTP than HTTP/HTML/JS. |
|
|
You're echoing the problem that my question is asking if it solves...
Edit: Also, you definitely need more than the code to come from a "trusted third party", otherwise we would see SaaS startups on HN providing "crypto as a service" (god help us).