Native JS Encryption

Shabsi Walfish shabsi at google.com
Mon Mar 21 08:58:09 PDT 2011


Just FYI, you are going to run into the problem of key portability. If the
key is derived from a password, your encrypted copy of the user's data
(which might be subject to subpoena?) could be easily cracked via offline
dictionary attacks. I hope you at least plan to use a salt, many iterations
of a good derivation function, etc. IMHO, users would be better off if you
just t-of-n secret shared their storage across multiple hosts in different
countries instead, but I can see why that's a challenge.

Shabsi

On Mon, Mar 21, 2011 at 5:22 AM, Boris Zbarsky <bzbarsky at mit.edu> wrote:

> On 3/21/11 4:40 AM, Erik Corry wrote:
>
>> You want to protect the user from a compromise of Mozilla's servers,
>>
>
> We also want to protect the user from a subpoena served to Mozilla, for
> example.  This means we must never have the data on our side, and this means
> the encryption needs to happen on the client, period.  This is not
> negotiable for proper functioning of the feature in question.
>
> -Boris
>
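
The salt-and-iterations advice in the message above, as an added example that is not part of the original thread: a client-side sketch using Node's built-in `crypto` module, where only the sealed record would leave the client. The choice of PBKDF2-HMAC-SHA256, the 600000-iteration default, AES-256-GCM, and every function name are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed parameters (not from the thread); tune iterations to client hardware.
const KDF = { iterations: 600000, digest: 'sha256', keyLen: 32, saltLen: 16 };

// Stretch the password into an AES-256 key. The salt makes each record's key
// unique, so one precomputed dictionary cannot be reused across users.
function deriveKey(password, salt, iterations = KDF.iterations) {
  return crypto.pbkdf2Sync(password, salt, iterations, KDF.keyLen, KDF.digest);
}

// Encrypt on the client; the server stores the returned record and nothing else.
function seal(password, plaintext, iterations = KDF.iterations) {
  const salt = crypto.randomBytes(KDF.saltLen); // fresh per record
  const iv = crypto.randomBytes(12);            // 96-bit GCM nonce
  const key = deriveKey(password, salt, iterations);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, iterations, ct, tag: cipher.getAuthTag() };
}

// Decrypt on the client; final() throws if the password (and so the key) is wrong.
function unseal(password, rec) {
  const key = deriveKey(password, rec.salt, rec.iterations);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, rec.iv);
  decipher.setAuthTag(rec.tag);
  return Buffer.concat([decipher.update(rec.ct), decipher.final()]).toString('utf8');
}

// Milliseconds one key derivation takes at a given iteration count: the price
// every offline guess against a stored record has to pay.
function guessCostMs(iterations) {
  const start = process.hrtime.bigint();
  deriveKey('constructed-guess', Buffer.alloc(KDF.saltLen), iterations);
  return Number(process.hrtime.bigint() - start) / 1e6;
}
```

Stretching only raises the cost per guess; a password that appears in a dictionary is still recoverable from the stored record given enough guesses, which is the limitation the message points out.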