ohio, On Fri, Apr 17, 2015 at 10:56:01AM -0700, Ron Garret wrote: > 1. It is a standalone web application.
putting keys in the browser is like putting keys in front of a dmz. browsers are not designed for this, they are designed for delivering impressions and services to you. the security features you find in any browser are there to secure the revenue-stream of some companies, not for the protection of the interests of its users. (same goes for phones), the tool might be good (haven't checked), but the foundation it's built on is sand. you want to isolate your keys, current end-host security does not provide much protection against some malware in case recovery of your keys becomes a priority. you also want to make sure the code running is authentic, with js delivered over the net this is quite hard to do verifiably (again, not your protection, industry revenues are the thing to protect). cheers,s _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
