100% client-side encryption
56 views
Skip to first unread message
LanceHaverkamp
Oct 26, 2008, 1:18:14 PM10/26/08
to privnote-support
Great! I'm always glad to hear someone is looking forward in terms of
cryptography!
I realize that privnote is not designed to be high-level crypto, but I
wanted to make sure you knew that SHA-1 is considered broken. It's
far less of an issue for encryption that it would be for digital
signatures, but if you haven't started writing code yet, you might
want to step-up from SHA-1.
Also you might want to look at the code for FireGPG, http://getfiregpg.org/
I don't know whether it would be easier to use java, or to use
something standards-based like GPG.
> Lance: there is also a plan to implement 100% client-side encryption
> using Javascript and these libraries for hashing and encryption:
>
> AES encryption:http://www.movable-type.co.uk/scripts/aes.html
> SHA1 hashing:http://www.movable-type.co.uk/scripts/sha1.html
>
> Pablo.
cryptography!
I realize that privnote is not designed to be high-level crypto, but I
wanted to make sure you knew that SHA-1 is considered broken. It's
far less of an issue for encryption that it would be for digital
signatures, but if you haven't started writing code yet, you might
want to step-up from SHA-1.
Also you might want to look at the code for FireGPG, http://getfiregpg.org/
I don't know whether it would be easier to use java, or to use
something standards-based like GPG.
> Lance: there is also a plan to implement 100% client-side encryption
> using Javascript and these libraries for hashing and encryption:
>
> AES encryption:http://www.movable-type.co.uk/scripts/aes.html
> SHA1 hashing:http://www.movable-type.co.uk/scripts/sha1.html
>
> Pablo.
LanceHaverkamp
Oct 26, 2008, 1:20:49 PM10/26/08
to privnote-support
I forgot to mention that FireGPG has api that allows you to design a
website that uses GPG's features on the client already!
website that uses GPG's features on the client already!
Reply all
Reply to author
Forward
0 new messages