Closed CookieCrispInYourBumBum closed 6 years ago
Increase count of dependencies (?).
Well… we would get rid of scjl and just replace it. Okay not really, as we need to be compatible to earlier versions. And in the end also TripleSec might depend on something, but well…
Generally speaking the plan for 1.3 is to implement AES based on the browser integrated libraries and only load SJCL if necessary for old pastes (or not at all if we succeed in replicating SJCLs format using standard algorithms). We could extend that format to specify the algo and therefore have optional support of this library, but that is certainly not gonna be my focus once we get there.
I am currently still finding (and fixing) regressions in the large JS refactoring of last year and hope to get the coverage of the JS code to at least 90% before we release 1.2 and can finally move on to the crypto format stuff.
If AES-GCM is broken, the encryption scheme of your pastebin will be the last of your worries to be honest…
I'm a bit of a crypto nut and love ridiculous amounts of security, so naturally I love TripleSec ( https://keybase.io/triplesec/ ). I was wondering if you would be able to add TripleSec as an option for people to use on PrivateBin?
I know there could be an issue switching between AES and TripleSec (unless you specified which method you're using in each paste, which is long...) but you should only stick to one.