
Show HN: Send password securely to a friend through any IM - tanin
http://tanin.nanakorn.com/labs/secureMessage?1
======
digital_ins
Two points: 1\. Would you have my password / private key / both? 2\. Why does
it say 'As of now in 2014'?.... Instead of 2015?

Perhaps you could provide a Privacy Policy and tell us what jurisdiction it
would be enforceable for?

~~~
tanin
> 1\. Would you have my password / private key / both?

The public and private keys are randomly generated on the client side with
JSEncrypt (Javascript).

I don't have your private key and your password, as they never leave your
machines. (And if you reload the page, then the private key is lost forever)

I might have the public key in the log because it is a part of the URL for
encryption.

> 2\. Why does it say 'As of now in 2014'?.... Instead of 2015?

It was built in 2014. I haven't updated it.

> Perhaps you could provide a Privacy Policy and tell us what jurisdiction it
> would be enforceable for?

I'm not sure what this means or how to make one. Could you explain more?

Thanks for the good questions!

~~~
digital_ins
I asked about the privacy policy because I assumed that you also had
visibility of my private key (I assumed you were generating it on your
server). Usually I look to the privacy policy to see what information you're
receiving and storing. Re jurisdiction: privacy policy agreements are
appendages of the terms of use - which is subject to law only in defined
jurisdictions.

~~~
tanin
Ah, got it now. That's a good thing to have.

------
tech_crawl_
Why did you decide to use JSEncrypt?

~~~
tanin
No particular reason. It just looks like a good one (e.g. high fork number, a
lot of opened and closed issues).

I'm open to suggestion though, if you have a better one.

