> LastPass may be secure today, but it is trivially easy for LastPass > (or a hypothetical attacker who gains access to LastPass's > infrastructure) to compromise that security simply by replacing the > javascript code which does the client side encryption and decryption > with some code that also passes the encryption key back up to the > server (or wherever).
Hmm, in principle Firefox could support native encryption, where you add the key to Firefox directly before even visiting the website. Being a bit careful about frames and/or javascript should give you a secure solution. The major issue then is, if security matters to you, why do you want to access these files from the web? Are you sitting down on an untrusted computer and just blindy entering your encryption key? Still, adding support for securely encrypted files as a cross browser standard seems like a fundamentally cool thing to do. -- John C. McCabe-Dansted -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
