HN discussion: https://news.ycombinator.com/item?id=41404064
Similar tools:
https://github.com/dividuum/html-vault
https://github.com/MaxLaumeister/PageCrypt
https://github.com/a-nau/password-protected-website-template
https://github.com/sowbug/quaid
https://github.com/mprimi/portable-secret
Thanks to @refalo@programming.dev
Clone it before the Glowy Boys declare it a weapon of mass destruction and preemptively nuke the repo.
Static
Javascript
Has someone changed the meaning of static? I’ve always thought it meant the opposite of Dynamic HTML
Static files as in static file handling in a web server no CGI, modules, server side code required.
This seems like a cool idea, but also somewhat questionable from a security standpoint? Isn’t distributing the encrypted content alongside the means to decrypt it (i.e. bundling this all in one file which is sent to the client) essentially equivalent to providing physical access to an encrypted drive? Like an attacker with enough time and effort could bypass the encryption.
Exactly. This shouldn’t be used to store your taxes, for example. But it might be good if you want to post details about your baby shower without your parents getting the details.
It is not a problem to distribute the decryption algorithm. The question remains against what this will protect. Normal https encrypts the traffic safely during transit. With this, the data is also encrypted on the server. But if you can access the server, you can modify the javascript code to send the password back to a server.
It could be used on something like IPFS, where all data is basically public but you can be sure it hasn’t been modified.
Sounds like JS is a depend
Well yeah, you need to do the computation somewhere and it’s not doing it on the server so…
Right, so it has a depend and it won’t work for many users
There’s no way to otherwise make this work for many users. They can use Tor if they’re worried.
Sure there is. Don’t do it in a browser.
