Hacker Neue

Preferences
tucnak parent
> there is never any security since the code in the browser can simply be swapped with compromised code that diverts the plaintext somewhere.

This is not the case in the land of DICE-like key derivation; see TKey protocol for example. You can download and run an actual rv32 program on actual FPGA over WebUSB without having to worry about its provenance. If the program is modified, firmware will derive a completely different key.

pareidolia
Zivver is a web application. The javascript that comes with the webpage can change at any time for any reason, as Zivver sees fit.
tucnak OP
I'm simply pointing out that web standards allow for secure end-to-end communication, and more, in fact they happen to allow arbitrary cryptographic constructions—as long as the program itself never changes.
pareidolia
But this requires special hardware right?
tucnak OP
Not necessarily. You can run TKey in qemu :-) etc. The hardware aspect is what makes it easy to use, with WebUSB and all. The derivation algorithm is key. And it takes program binary as parameter to Blake2 hash function.

This item has no comments currently.

Keyboard Shortcuts

Story Lists

j
Next story
k
Previous story
Shift+j
Last story
Shift+k
First story
o Enter
Go to story URL
c
Go to comments
u
Go to author

Navigation

Shift+t
Go to top stories
Shift+n
Go to new stories
Shift+b
Go to best stories
Shift+a
Go to Ask HN
Shift+s
Go to Show HN

Miscellaneous

?
Show this modal