Hi Yiorgis. The Crypho web page says: "No-one can access your data, either in transit or when stored — Not even Crypho staff or the government."
Yet, you acknowledge that "we are aware of the potential problems of serving JS [Javascript]", meaning it's trivial for your staff or a government to compromise the Javascript code and cause it to leak plaintext data. Even the authors of the Stanford Javascript Crypto Library (SJCL), which Crypho "uses solely", say that it's not feasible to secure: "Unfortunately, [SJCL] is not as great as in desktop applications because it is not feasible to completely protect against code injection, malicious servers and side-channel attacks." (http://crypto.stanford.edu/sjcl/) On Sat, Mar 23, 2013 at 3:57 AM, Yiorgis Gozadinos <[email protected]>wrote: > We are aware of the potential problems of serving js. We will eventually > ship an installable app, but at the moment, with daily updates, ease of > deployment wins.
-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
