I'm very interested in computer security. I'm following the development of PGP since the `90s, when the first international version was available. ...
Anyway. What I found out for me is, that its much more fun to have a closer look at how users deal with sensible information.
Yes. Danielos code uses the library but I didn't have a closer look at the implementation.
Danielos plugin leaves some fields of a tiddler untouched for convenience reasons.
For some usecases this may be no problem. For others it is.
eg:
created 20140828081424710
creator pmario
modified 20141103103734401
modifier pmario
tags plugins
title test tile
So if someone gets this info there are still some questions that can be answered very easily.
eg: Who did the last edit and when. ... So if you need "plausible deniable encryption" [2] some more changes may be needed.
-------------
There is a talk from Tim Taubert about the upcoming native browser "WebCrypto API" [1]. This mechanism is less vulnerable against code injection into the library, since javascript doesn't have access to the crypto functions. .... The mechanisms used in the video are the same as used by the tw crypto library. ... The problem at the moment is browser support.
But imo it is still an area to have a closer look.
have fun!
mario
[1]
https://timtaubert.de/blog/2014/10/keeping-secrets-with-javascript/[2]
http://en.wikipedia.org/wiki/Deniable_encryption