[cryptography] crypto.cat

natanael.l at gmail.com natanael.l at gmail.com
Sat Mar 31 17:51:46 EDT 2012


It's running in a browser using JS...


2012-03-31 23:33 skrev Nadim:

This strikes me as a sizeable assumption. 


NK


On Saturday, 31 March, 2012 at 5:28 PM, natanael.l at gmail.com wrote: 
And javascript controls how it is used. Modify or add some JS and you can take the key.


2012-03-31 22:56 skrev James A. Donald:

On 2012-04-01 6:17 AM, natanael.l at gmail.com wrote:
> There are two issues IMHO:
>
> * SSL flaws/Javascript MITM/bad servers. Your key can be leaked.


According to the spec, your key remains on your browser.


So cannot be leaked unless your computer has been got at.

_______________________________________________

cryptography mailing list

natanael.l at gmail.com
http://lists.randombit.net/mailman/listinfo/cryptography




_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20120331/edf00df2/attachment.html>


More information about the cryptography mailing list