10 comments

[ 3.1 ms ] story [ 36.8 ms ] thread
Is it me or is the page being served over an unencrypted channel a gaping security hole?

I presume it encrypts on the client side, but whats to stop a man in the middle swapping the javascript so it sends the attacker your files?

Yes thank you, I should have taken care of this sooner.

It now force redirects, hats off to CloudFlare for being free SSL provider.

Is this open source? The JavaScript that encrypts the file (sjcl.js) is minified and I don't feel like spending hours trying to figure out what it does. Is this a JavaScript library that was reused from somewhere?
Encryption password entry in the clear in a dialog!

That should at least be <input type="password">

I think it is on purpose, as you are only asked to type it once. Type the wrong thing, and no way to decrypt the file.