
Web Security at N26 - caludio
https://medium.com/insiden26/web-security-at-n26-d1b4644c32fb
======
entity345
> "In practice, front-end encryption works like this: on start, the server
> generates two keys, a public one which makes its way to the client in a
> cookie, and a private one which stays on the server. In the browser, the
> public key is used to encrypt a certain payload before sending it to the
> server via a XHR request."

What's the point of that?

~~~
craftoman
Yeah, what's the point of not blindly trusting HTTPS? Close your eyes and pray
to the mighty Gods and Queens when HTTPS fails either on the server or on
clients if they get infected with some kind of malware and you get everything
in plain text.
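
The front-end encryption flow quoted at the top of the thread, sketched end to end as an added example (not N26's code and not from either commenter). The algorithm (RSA-OAEP with SHA-256), the cookie name `fe_pub`, the function names and the sample payload are assumptions; Node's `crypto` module stands in for the browser's crypto API.

```javascript
// Added illustration of the quoted flow; not N26's code.
// Assumptions: RSA-OAEP/SHA-256, cookie name "fe_pub", Node's crypto standing in
// for the browser's crypto API.
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server, on start: generate the pair; only the public half goes into the cookie.
// The cookie is not HttpOnly because client-side script has to read it.
function serverStart() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const spki = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  return { privateKey, setCookie: `fe_pub=${encodeURIComponent(spki)}; Secure; SameSite=Strict` };
}

// Client: read the public key from the cookie and encrypt the payload before the XHR.
function clientEncrypt(setCookie, payload) {
  const pair = setCookie.split(';')[0];
  const der = Buffer.from(decodeURIComponent(pair.slice(pair.indexOf('=') + 1)), 'base64');
  const publicKey = crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
  const plaintext = Buffer.from(JSON.stringify(payload), 'utf8');
  // RSA-OAEP with a 2048-bit key and SHA-256 fits at most 190 bytes.
  if (plaintext.length > 190) throw new RangeError('payload too large for direct RSA-OAEP');
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, plaintext).toString('base64');
}

// Server: decrypt the XHR body with the private key that never left the server.
function serverDecrypt(privateKey, bodyB64) {
  const plaintext = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(bodyB64, 'base64'));
  return JSON.parse(plaintext.toString('utf8'));
}

// Constructed sample payload.
const server = serverStart();
const xhrBody = clientEncrypt(server.setCookie, { field: 'constructed-secret' });
console.log('XHR body (ciphertext):', xhrBody.slice(0, 32) + '...');
console.log('Server sees:', serverDecrypt(server.privateKey, xhrBody));
```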

