168

Staticrypt: Password protect a static HTML page, decrypted in-browser in JS with no dependency. No server logic needed. (github.com)

submitted 3 weeks ago* (last edited 3 weeks ago) by sag@lemm.ee to c/opensource@lemmy.ml

21 comments fedilink hide all child comments

HN discussion: https://news.ycombinator.com/item?id=41404064

Similar tools:

https://github.com/dividuum/html-vault

https://github.com/MaxLaumeister/PageCrypt

https://github.com/a-nau/password-protected-website-template

https://github.com/sowbug/quaid

https://github.com/mprimi/portable-secret

Thanks to @refalo@programming.dev

you are viewing a single comment's thread
view the rest of the comments

[-] elliot_crane@lemmy.world 8 points 3 weeks ago

This seems like a cool idea, but also somewhat questionable from a security standpoint? Isn’t distributing the encrypted content alongside the means to decrypt it (i.e. bundling this all in one file which is sent to the client) essentially equivalent to providing physical access to an encrypted drive? Like an attacker with enough time and effort could bypass the encryption.

[-] Mike1576218@lemmy.ml 12 points 3 weeks ago

It is not a problem to distribute the decryption algorithm. The question remains against what this will protect. Normal https encrypts the traffic safely during transit. With this, the data is also encrypted on the server. But if you can access the server, you can modify the javascript code to send the password back to a server.

It could be used on something like IPFS, where all data is basically public but you can be sure it hasn't been modified.

load more comments (2 replies)

this post was submitted on 31 Aug 2024

168 points (98.8% liked)