|
|
|
|
|
|
by larrybolt
4308 days ago
|
|
|
Offer end-to-end encryption could be solved using a javascript library which encrypts/decrypts the secret in the browser, and passing the key behind a #, kind of the way mega.co.nz does it. Than you can always verify that what you typed actually never get's submitted to the host unencrypted. |
|
|
http://matasano.com/articles/javascript-cryptography/
http://tonyarcieri.com/whats-wrong-with-webcrypto
I'd say the main issue with that is sending an encryption package over an insecure channel. While you could verify the package independently (check a hash against a publicly known one) you're already into advanced user territory and the "encryption for everyone" point of this is gone.