* Posts by QuYan

3 publicly visible posts • joined 17 Apr 2014

Snowden-inspired crypto-email service Lavaboom launches

QuYan

Re: Why lavaboom is (unintentionally) lying

You might be interested in following a discussion on this on the Arstechnica forums:

http://arstechnica.com/civis/viewtopic.php?f=20&t=1241479

QuYan

Re: Why lavaboom is (unintentionally) lying

Additionally, you may want to follow last year's discussion on Arstechnica about Lavabit. The user edrowland expresses the concern on JS web crypto very clearly as well:

http://arstechnica.com/civis/viewtopic.php?f=2&t=1223679&hilit=javascript+crypto&start=40

Has there really been any advance that would allow lavaboom to honestly offer a really host-proof web app with JS crypto?? I don't know of any, but I'd gladly be proven wrong on this.

Can anybody offer any links supporting JS crypto on the client side?

QuYan

Why lavaboom is (unintentionally) lying

Unless they can provide technically convincing arguments to the contrary, current technology does not allow for Host-delivered, Host-proof Web Apps; that's especially so when it comes to client-based JS crypto that is delivered by the/a host. Simply put, they cannot back up the following sentence of theirs with technical arguments: "That means we make sure that your Email remains your Email, and can only be read by you." Any rogue employee of theirs could tamper with the JS crypto code that is delivered to your browser any time you reload your inbox page! That is, the amount of trust you need to put in them is as much as the trust you need to put in Gmail, an unencrypted email service. There is no way to check that the JS crypto code you are using at any time hasn't been tampered with: they could be sending your private key back to their servers in an encrypted way. You cannot be sure but only trust them that 1) they'll never do so, 2) they have put enough measures in place to prevent any authority from getting access to their servers and tampering with their code. After all, they don't know where their machines are...

But more importantly, keep in mind that, AFAIK, JS-crypto is simply doomed. Worse, it's a dead end with current technology. The Web browser offers a huge attack surface and JS is blatantly bad at shielding you from that. Plus it introduces its own pitfalls. See references.

I myself started building such a JS-based service till I learned that it's a no-go if I really want to offer serious security+privacy. If anybody can prove me wrong on this, please enlighten me.

References (each offers more links, especially the second one, with links to JS/Browser attacks):

Why JS crypto webapps are doomed:

The key reference: http://www.matasano.com/articles/javascript-cryptography/

An extremely resourceful one: http://tonyarcieri.com/whats-wrong-with-webcrypto

Discussion on a previous real case use of JS-crypto and its pitfalls: https://www.schneier.com/blog/archives/2012/08/cryptocat.html

PS: Did I get that right, that _they_ generate your private key!? What keeps them, or -again- a rogue employee/authorities, from tampering with the code and getting a copy of the key?