[cryptography] Introducing SC4 -- feedback appreciated
dominik at dominikschuermann.de
Fri Apr 17 14:27:25 EDT 2015
-----BEGIN PGP SIGNED MESSAGE-----
what problem of traditional PGP implementations did you solve?
* Looks like key exchange problem is still present (sent by mail)
* Any key authentication? I don't see any verification or
On 04/17/2015 08:21 PM, stef wrote:
> On Fri, Apr 17, 2015 at 10:56:01AM -0700, Ron Garret wrote:
>> 1. It is a standalone web application.
> putting keys in the browser is like putting keys in front of a dmz.
> browsers are not designed for this, they are designed for
> delivering impressions and services to you. the security features
> you find in any browser are there to secure the revenue-stream of
> some companies, not for the protection of the interests of its
> users. (same goes for phones), the tool might be good (haven't
> checked), but the foundation it's built on is sand. you want to
> isolate your keys, current end-host security does not provide much
> protection against some malware in case recovery of your keys
> becomes a priority. you also want to make sure the code running is
> authentic, with js delivered over the net this is quite hard to do
> verifiably (again, not your protection, industry revenues are the
> thing to protect).
> cheers,s _______________________________________________
> cryptography mailing list cryptography at randombit.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the cryptography