[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Ideas to securely implement PGP encryption/decryption
On 11.10.2011 04:07, Mike Perry wrote:
>> At the moment, I cannot think of any attack vectors once you combine it
>> with enabled Torbutton (or a stripped down Tor Browser) where active
>> scripting/access to the DOM is disabled completely.
> Actually, these attacks are generally prohibited by strong isolation
> between the content script and the XUL script. In XUL, you can read
> the ciphertext, extract it, decrypt it, and display it in a protected
> XUL window without introducing risk, IF all steps are done properly.
I was thinking of the obvious interaction a user expects for encryption
of plaintext data: I type data into a web form, when I am done I execute
the encrypt command.
I don't see how you can isolate web forms in the DOM in a way that it
cannot be read in between typing and encrypting the data.
--
Moritz Bartl
https://www.torservers.net/
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk