Re: Open source secure browser-based storage, with a $1000 challenge
- From: daw@xxxxxxxxxxxxxxxxxxxxxxxx (David Wagner)
- Date: Sat, 15 Apr 2006 20:26:58 +0000 (UTC)
requires virtually no trust in the remote server.
If the remote server is the one supplying the Javascript code that you
use for encryption, then I don't know what you mean by "virtually no trust
in the remote server". I would classify that as "virtually absolute trust
in the remote server". Of course, a remote server could supply a malicious
("spiked") implementation of the crypto to just one targetted individual,
and that would be very hard to detect. Moreover, even if the remote server
is trustworthy, I would also worry about pharming, DNS spoofing, phishing,
spyware, and other attacks on web browsers. Web browsers are not a high
security platform to build upon. I would not use such a service for storing
highly critical data.
.
- Follow-Ups:
- Re: Open source secure browser-based storage, with a $1000 challenge
- From: iwhisper . info
- Re: Open source secure browser-based storage, with a $1000 challenge
- Prev by Date: ECC template library
- Next by Date: Re: Open source secure browser-based storage, with a $1000 challenge
- Previous by thread: ECC template library
- Next by thread: Re: Open source secure browser-based storage, with a $1000 challenge
- Index(es):
Relevant Pages
|
