[liberationtech] Encrypted Pastebins: Attack Vectors against ezcrypt.it and 0bin.net
Scott Elcomb
psema4 at gmail.com
Tue Jan 14 20:42:25 PST 2014
On Tue, Jan 14, 2014 at 9:44 PM, Uncle Zzzen <unclezzzen at gmail.com> wrote:
> Maybe one day JS will introduce signed code :)
Coming at that from a different angle...
tl;dr [1]
It's possible to sign JS, it's just a pain. See for example:
<http://tjl73.altervista.org/HTML_sign_tutorial/tutorial_en.html>
If the SPA[2] concept is reduced to atomic documents[3] then signing a
web app and it's code becomes feasible[4] with some planning and
trade-offs[5][6].
FWIW, I'll start signing Atomic OS reference implementations[7] in my
next release.
Cheers
[1] <view-source:http://tjl73.altervista.org/HTML_sign_tutorial/example.html>
[2] Single Page Application
[3] "The Atomic Client Document" at <http://code.google.com/p/atomos/>
[4] If there's only one signature to verify, it should be easier to
convince people to do so
[5] For transparency to work, minification should be avoided and
probably most 3rd party libraries as well
[6] Embedded binaries (ie images) need to be kept to a minimum due to
size concerns
[7] <http://psema4.github.io/Atomic-OS/>
--
Scott Elcomb @psema4
http://psema4.com/pubkey.txt
http://www.pirateparty.ca/
More information about the liberationtech
mailing list