Hacker News new | past | comments | ask | show | jobs | submit login

Sure, I can verify that things aren't being sent in plaintext, and I can verify that they're using sjcl, but I can't verify most of the other things I mentioned. How do I know they're using sjcl right and not introducing some vulnerability (yes, I know I can dig through their JavaScript, but that's a plain in the ass)? I'm not saying I think they've got any problems; I'm just saying, be careful.

These sorts of tools, while convenient, are dangerous without a proper understanding of what you're doing. User beware.




And are you going to verify every message? Because the JS can be changed without you ever realizing it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: