On 19/06/13 18:06, Steve Weis wrote:
> I also noticed the verification code might be susceptible to a
> timing attack: "if (hex_hmac_sha1(key, text) === hmac)"
It looks like the adversary might be able to bypass MAC checking
entirely: decryptNode() ac
I have one correction to my quick look at the encipher.it code. I had
misread this line:
"hmac = hex_hmac_sha1(key, _this.text);" in https://encipher.it/javascripts/encipher.js
I did not notice the second parameter and thought this was just MACing a
key, which wouldn't make much sense. It's actua
Agreed,
Security is all about trust. If you install pgp in debian you are
trusting package maintainers, package server administrators, whoever
most recently patched pgp code, the debian OS, the hardware that your
computer is running and the other applications running on your OS.
Most people don't
Wasabee wrote:
> why does everyone want to trust yet another third party to encrypt data
> on their behalf :)?
>
We're all relying on someone else's code to some extent, which is why I
fully support approaching groups of knowledgeable people for their input. :D
~Griffin
why does everyone want to trust yet another third party to encrypt data
on their behalf :)?
if u want to encrypt stuff, u should do it on ur machine. Maybe what
people should be searching for is an easy-to-use, audited and open
source stack to do it.
if we are too lazy to do it ourselves and wan
It's not safe.
This is their bookmarklet:
(function(){document.body.appendChild(document.createElement('script')).src='https://encipher.it/javascripts/inject.js';})();
That loads a JavaScript file from the encipher.it site, which can be
changed at any time and compromise your messages without yo
Have you guys seen this?
https://encipher.it/
I've searched through the archives but didn't see anything. I'm wondering
how safe this is.
It has received some small attention on the media before.
http://www.pcworld.com/article/255938/encipher_it_encrypts_email_for_free.html
Thoughts?
--
*Lor