Hacker News

Confirm. This system was obviously designed by people who had no idea what they were doing, which is about the last thing you want in a cryptosystem. Failing to authenticate the JS cryptographic code (TLS would've helped here) makes this system effectively worthless and simple to MitM.

A good read on the matter is Matasano's JavaScript Cryptography Considered Harmful: http://www.matasano.com/articles/javascript-cryptography/



I wasn't aware of the MITM issues, thank you for letting me know. I'm working on setting up a cert as we speak.


HTTPS is now enabled on the site. Thanks for letting me know.

Just curious, do you see any other red flags in the system?



