Open lansana opened 7 years ago
Well, your concerns are fully understandable and obviously this is not intended for high security applications but it's an easy way to implement some client encryption and decryption.
For example: you and your friend share a password, then you can both send and receive the messages and read them. That method is like semi-automatic because you both have to know the password, but this way there is no network logging or anything - so it's secure (as far as the JS code and the password are, of course). You can automate everything but the password transfer; I made an experimental app this way and it seems pretty nice so far.
Thanks for the explanation!
@lansana JavaScript doesn't always run in the browser nowadays, especially with Node backends.
But also there's no reason you have to transmit the encrypted data WITH the key.
E.g. imagine if you store your key in localStorage in the browser, or via some other method; if the encrypted data gets sent to you, you then use the key you have to decrypt the data.
Also, who is to say the key needs to be plain text? Maybe something like a user enters a password, which then gets hashed - maybe with argon2 - then the actual password is still hidden and just the result, so unless you're allowing the users to see the hashes again they wouldn't even know the key.
I guess you need to remember the whole point of encryption is that the data is decrypt-able - so there's always going to be some way to steal the final data.
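The shared-password scheme described in the comments above, as an added example that is not part of the thread or of the library under discussion: both sides derive the key locally from a password exchanged out of band, so only salt, IV, tag and ciphertext cross the network. Assumptions: Node's built-in scrypt stands in for the argon2 mentioned above, AES-256-GCM is the cipher, and the function names and envelope layout are hypothetical.

```javascript
// Added example (Node.js). Names and envelope layout are hypothetical.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;

// Derive a 256-bit key from the shared password. scrypt is used here in place
// of argon2 because it ships with Node. The salt is not secret.
function deriveKey(password, salt) {
  return scryptSync(password, salt, 32, { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// Returns the envelope that goes over the wire: salt | iv | tag | ciphertext.
// Neither the password nor the derived key is part of it.
function encryptMessage(password, plaintext) {
  const salt = randomBytes(SALT_LEN);
  const iv = randomBytes(IV_LEN); // fresh per message; never reuse with one key
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Recomputes the key from the locally known password and the public salt.
// Throws if the password is wrong or the envelope was modified in transit.
function decryptMessage(password, envelope) {
  const raw = Buffer.from(envelope, 'base64');
  if (raw.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error('envelope too short');
  const salt = raw.subarray(0, SALT_LEN);
  const iv = raw.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = raw.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const ct = raw.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv,
    { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed sample values: the password was agreed out of band.
const sent = encryptMessage('constructed-shared-password', 'meet at noon');
console.log('on the wire:', sent);
console.log('receiver reads:', decryptMessage('constructed-shared-password', sent));
```

This covers an observer of the network traffic only; whoever serves the JavaScript, or can read the page's storage, can still obtain the password or the key.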
I understand what encryption/hashing is; that is not my question.
The question is how does this make any client secure if it requires a secret/private key in the client in order to run the encryption algorithms? If you use plain text, someone can read it and thus can decrypt your messages. Likewise if you provide the keys from a server, anyone can also look at the network logs and view the key coming in.
How can this be avoided? I don't understand... this seems rather useless to me because it's so easy to reverse engineer. Please educate me.