On Monday, November 10, 2014 5:05:36 PM UTC+1, Ed Dixon wrote: > > Your points regarding plain text, code injection, ease of dropping a > trojan using drag and drop functionality, and code review are well > thought out and expertly explained. You obviously have some experience > working with computer security. >
I'm very interested in computer security. I'm following the development of PGP since the `90s, when the first international version was available. ... Anyway. What I found out for me is, that its much more fun to have a closer look at how users deal with sensible information. > I have assumed that Danielo's code also uses makes use of the library, > while we are on the subject do you know if this is the case? > Yes. Danielos code uses the library but I didn't have a closer look at the implementation. Danielos plugin leaves some fields of a tiddler untouched for convenience reasons. For some usecases this may be no problem. For others it is. eg: created 20140828081424710 creator pmario modified 20141103103734401 modifier pmario tags plugins title test tile So if someone gets this info there are still some questions that can be answered very easily. eg: Who did the last edit and when. ... So if you need "plausible deniable encryption" [2] some more changes may be needed. ------------- There is a talk from Tim Taubert about the upcoming native browser "WebCrypto API" [1]. This mechanism is less vulnerable against code injection into the library, since javascript doesn't have access to the crypto functions. .... The mechanisms used in the video are the same as used by the tw crypto library. ... The problem at the moment is browser support. But imo it is still an area to have a closer look. have fun! mario [1] https://timtaubert.de/blog/2014/10/keeping-secrets-with-javascript/ [2] http://en.wikipedia.org/wiki/Deniable_encryption -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/tiddlywiki. For more options, visit https://groups.google.com/d/optout.
