[liberationtech] Encrypted Pastebins: Attack Vectors against ezcrypt.it and 0bin.net
coderman
coderman at gmail.com
Wed Jan 15 01:46:42 PST 2014
On Tue, Jan 14, 2014 at 6:53 PM, Tony Arcieri <bascule at gmail.com> wrote:
> ...
> http://cryptosphere.org
>
> I also detail the present unsuitability of the browser for cryptographic
> applications in this blog post:
>
> http://tonyarcieri.com/whats-wrong-with-webcrypto
i see what you did there. browser based crypto... pointed to localhost!
touché! ;)
agree with your premises:
- failure to provide cryptographic lower bounds
- failure to do crypto outside insecure browser
- failure in trusting https
however i would go further in that cryptosphere demands defense in
depth; put your trusted localhost in an environment isolated from the
browser entirely; Qubes style.
best regards,
More information about the liberationtech
mailing list