You are viewing a single thread.
View all comments
7 points

This seems like a cool idea, but also somewhat questionable from a security standpoint? Isn’t distributing the encrypted content alongside the means to decrypt it (i.e. bundling this all in one file which is sent to the client) essentially equivalent to providing physical access to an encrypted drive? Like an attacker with enough time and effort could bypass the encryption.

permalink
report
reply
10 points

It is not a problem to distribute the decryption algorithm. The question remains against what this will protect. Normal https encrypts the traffic safely during transit. With this, the data is also encrypted on the server. But if you can access the server, you can modify the javascript code to send the password back to a server.

It could be used on something like IPFS, where all data is basically public but you can be sure it hasn’t been modified.

permalink
report
parent
reply
7 points

Exactly. This shouldn’t be used to store your taxes, for example. But it might be good if you want to post details about your baby shower without your parents getting the details.

permalink
report
parent
reply
3 points

Yep, definitely situational depending on your risk model/tolerance; pretty cool idea nonetheless.

permalink
report
parent
reply

Open Source

!opensource@lemmy.ml

Create post

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

  • Posts must be relevant to the open source ideology
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

Community stats

  • 4.7K

    Monthly active users

  • 1K

    Posts

  • 9K

    Comments