[liberationtech] Encrypted Pastebins: Attack Vectors against ezcrypt.it and 0bin.net
Uncle Zzzen
unclezzzen at gmail.com
Tue Jan 14 18:44:06 PST 2014
> 3. "Passive" global adversary attack:
>
> As long as the JS is what the owner claims it is (assuming it's code that
has been peer reviewed enough according to your standards), it doesn't
matter whether they confiscate the hard drive or just listen. Either they
can break the encryption or they can't. We can only hope peer review didn't
miss anything.
The other 2 active methods you've mentioned (pwning the host, and MITM)
would work, of course.
Maybe one day JS will introduce signed code :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140115/2360ebfd/attachment.html>
More information about the liberationtech
mailing list