
"Encryption in the browser" just screams "boondoggle" to me.


Why?


Finally someone with some brains!

That pesky browser thing never could do anything of value. Umm...Dah... What a joke! It's all "boondoggle"!

It unquestionably couldn't ever be used to build "apps" [1].

Certainly could never ever be fast enough [2].

Obviously cannot ever possibly utilise multiple cores [3].

Most definitely never ever could do 3D [4].

So, you're right, I doubt it will ever do crypto [5].

Those fools might even consider "Online Banking" or something crazy like that!

When will those stupid browser idiots learn?

http://alwaysbetonjs.com

[1] http://facebook.com, http://gmail.com, http://twitter.com, etc.

[2] http://arewefastyet.com - http://madebyevan.com/webgl-path-tracing/

[3] http://w3.org/TR/workers - http://chromium.org/developers/design-documents

[4] http://khronos.org/webgl - http://chromeexperiments.com/webgl - http://ro.me

[5] http://w3.org/TR/WebCryptoAPI/


Let's get the web crypto done, and maybe then we can find an "Encrypt before you upload" button on every single web service that stores your data, from e-mail to Dropbox-like services.

Hopefully the Government hasn't tried to put a backdoor in it, but I assume that would be discovered pretty quickly.


You're setting yourself up for disappointment ^w^

We can dream though, can't we?



This article seems to focus mainly on digital signatures. Encryption does not necessarily involve ensuring data source authenticity.

If you have an SHA hash as part of the request URL and you can trust the SHA hash calculator to verify the authenticity of the final file, then you can trust the whole encryption layer to return whatever data it wants, because hash verify will refuse tampered servers.

The trick is to ensure the hash calculator is 100% untampered. For the more paranoid people this means using a command-line hash calculator for this, just as it's used for Linux distro .iso files etc.
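
The check described in the comment above, sketched with the Web Crypto API as an added example that is not part of the original thread. The `sha256` query parameter, the `files.example` host and the function names are assumptions; the sample bytes are constructed.

```javascript
// Added example: accept downloaded bytes only if their SHA-256 matches the
// digest carried in the request URL. Parameter name and host are assumptions.
// Browsers expose crypto.subtle globally; the fallback covers older Node.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

// Constructed sample: the bytes "abc" and their well-known SHA-256 digest.
const SAMPLE_BYTES = new TextEncoder().encode('abc');
const SAMPLE_URL = 'https://files.example/blob.bin?sha256=' +
  'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad';

// Pull the expected digest out of the URL; anything but 64 hex chars is refused.
function expectedDigestFromUrl(url) {
  const value = new URL(url).searchParams.get('sha256') ?? '';
  if (!/^[0-9a-fA-F]{64}$/.test(value)) {
    throw new Error('URL carries no well-formed sha256 digest');
  }
  return value.toLowerCase();
}

// Hex-encode an ArrayBuffer returned by subtle.digest().
function toHex(buffer) {
  return Array.from(new Uint8Array(buffer), b => b.toString(16).padStart(2, '0')).join('');
}

// Resolves with the bytes when the digest matches, rejects otherwise, so a
// caller never sees data the server (or anything in between) has altered.
// Both values are public digests, so a plain string comparison is sufficient.
async function verifyDownload(url, bytes) {
  const expected = expectedDigestFromUrl(url);
  const actual = toHex(await subtle.digest('SHA-256', bytes));
  if (actual !== expected) {
    throw new Error(`digest mismatch: expected ${expected}, got ${actual}`);
  }
  return bytes;
}
```

The check is only as trustworthy as the path that delivered this code and the URL, which is the caveat the comment itself raises.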


The same vulnerability that would exist in the hash calculator could exist in the hash calculator locally to induce data loss, theft, etc. The same security challenges that face a hash algorithm in a browser affect encryption ability as well. Presumably the decryption happens in the browser as well, which would preclude your post.



