
Mylar: Experimental platform for web apps with end-to-end encryption (2014) - lowmemcpu
https://css.csail.mit.edu/mylar/
======
dane-pgp
Another approach to securing web apps (against a malicious server) is to let
the browser enforce that each web app's code matches a pre-approved hash. The
technique for doing this was described in a comment thread on Hacker News a
couple of years ago[0], and involves using SRI and a bookmarklet.

The limitations are that the web app's domain doesn't appear in the browser's
address bar, and of course you need some way of deciding out-of-band which
hash corresponds to a safe version of a web app.

Once you trust a specific set of code to do the encryption for you on the
client side, there should be no problem in having it send the encrypted data
to the server for storage. Decryption would be done on the client using a key
derived from a passphrase which the user chooses, and which is never sent back
to the server.

An example of some encrypted data that could be sent to the server is a string
defining which version of the web app the user wants to run. This requires an
initial bootstrapping phase of the web app which checks this user setting
before pulling in a particular version of the rest of its code. Again, the
user would have to use some out-of-band mechanism to decide whether a new
version of the web app really is safe or whether it has been backdoored.

[0]
[https://news.ycombinator.com/item?id=17776456](https://news.ycombinator.com/item?id=17776456)

------
dang
Discussed at the time:
[https://news.ycombinator.com/item?id=7465015](https://news.ycombinator.com/item?id=7465015)

