Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

There is one (and probably only one) case when js crypto makes sense. And that is when server operator wants to convince third party that he cannot access encrypted data at rest stored on the server. Client side JS based encryption (and by the way also things like hushmail) does not help in any way when you don't trust the server.


> And that is when server operator wants to convince third party that he cannot access encrypted data at rest stored on the server.

Or the server actually doesn't want to store unencrypted data.


...server operator wants to convince third party that he cannot access encrypted data at rest stored on the server

Indeed. Or simply because the same party owns the server and the client.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: