Hacker News new | past | comments | ask | show | jobs | submit login

You’ve identified a nice juicy target there. So, how much work have you put in towards making it secure? How much work have you done to make it robust in the face of concerted attacks?

Another great question! Regarding Security/Defense:

Browser sessions are protected using TLS versions 1.0 through 1.2 for maximum browser compatibility. ECDHE cipher suites are supported to provide Perfect Forward Secrecy (when supported by the browser). There are limits imposed on login attempts per user, per IP, and per session. If per-user limit is reached, then IP whitelists are imposed. Saved passwords and associated data are protected using AES-256 with salt and MAC. Beyond that, the security of the product ultimately relies on choosing a strong password, verifying your certificate, and restricting physical access to your PC.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact