Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What kind of security risk do you have in mind?


Take a look at this:

http://www.vincentcheung.ca/jsencryption/

A lot of ciphers have been ported to JavaScript now:

http://code.google.com/p/crypto-js/


Why would you want a pastebin app to encrypt your stuff for you? A pastebin is a place where you just post something for random folks to view. It's like imgur for text. Yeah, there's ezcrypt, but I honestly don't see the point.

If you want to password-protect your paste, you are free to pass it through GPG before posting it. Much better security than trusting a third party's JS library which may have been modified in transit or even contain a back door.


And what benefit do you imagine that conferring?


By encrypting the data before turning into a URL neither the server, nor anyone who obtains that URL would be able to read the message without knowing the password.


Kinda like how ezcrypt works? https://ezcrypt.it/


As I understand it this is exactly how Zerobin works. The server stores the encrypted data, and the key is passed in the URL only.


Previous discussion about cryptography implemented in Javascript:

http://news.ycombinator.com/item?id=2935220

It links here:

http://www.matasano.com/articles/javascript-cryptography/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: