1 Dec
2013
1 Dec
'13
8:31 p.m.
Am 01.12.2013 14:20, schrieb Markus Wernig:
On Sat Nov 30 13:00:45 CET 2013, Thomas Bruederli wrote:
But in terms of architecture, a purely client-side encryption/decryption is the preferred and most secure way.
OK, this depends on which side of the cryptosystem you assume to be more trustworthy: the server or your browser runtime. Especially javascript has some major drawbacks when it comes to crypto (just think XSS). See eg. here for a discussion: http://www.matasano.com/articles/javascript-cryptography/
[...] So I'd rather stick with a server-side approach, even if it would not make it into an official release.
Same here.
Kind regards, jonas