by geofft
4145 days ago
Certain companies have been extraordinarily interested in implementing WebCrypto without mandating HTTPS. Which is to say, a man-in-the-middle attacker could trivially modify the JS that calls WebCrypto and cause different operations to be performed. My suspicion is that they have contractual agreements with the non-technical folks in the studios that they have to "encrypt" content, and the technically-competent redistributor has no direct interest in the crypto being sound. If the API gave them 256-bit military-grade AES encryption, but only in ECB mode, they'd probably use it.