Hi Kolmar

Good question. My few pennyworth:

1) The Stanford JavaScript Library that TW5 uses is open source therefore
open to expert inspection. It is an implementation of algorithms that are
themselves highly standardised. Those factors should increase our
confidence a good deal but there is still a risk that either the algorithms
or implementation have been subtly influenced by an adversary in order to
weaken them. It seems improbable that an adversary would specifically
attack SJCL, perhaps more likely that the underlying standards have been
weakened.

2) The authors of SJCL are also careful to note the limitations imposed by
browsers and JavaScript. For example, it's hard in the browser to generate
the truly random data needed by crypto algorithms.

3) I'm not a security expert; therefore my implementation of SJCL may be
broken in some subtle way. We need more expert eyes to verify the
implementation, I think.

I believe that (2) and (3) are a much higher risk than (1) - but again, I'm
not an expert. Like most people, I rely on the opinions of experts that I
trust, such as Bruce Schneier. This is what he's recently had to say on the
specific question of the NSA's cryptographic facilities:

https://www.schneier.com/blog/archives/2013/09/the_nsas_crypto_1.html

He has also written some advice to help people respond:

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

So, right now, maybe a good strategy might be to use an encrypted TW, but
maybe encrypt it further before emailing it.

Best wishes

Jeremy



On Wed, Sep 11, 2013 at 11:58 AM, kafran <[email protected]> wrote:

> In times of Snowden (Rs) another good use for TiddlyWiki is to send
> encrypted data through e-mail, since it is beautiful, easy and
> self-contained ^^
> But, is it secure enough to keep sensitive data?
>
> --
> You received this message because you are subscribed to the Google Groups
> "TiddlyWiki" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/tiddlywiki.
> For more options, visit https://groups.google.com/groups/opt_out.
>



-- 
Jeremy Ruston
mailto:[email protected]
