eran | 14 years ago | on: My weekend project - AES encryption for Gmail or anything else
Fixed. Thank you for advice about HMAC, now I am use it.
eran's comments
eran | 15 years ago | on: Ooops.
Once we got catastrophic backup
rsync -a --delete /home/project/ /mnt/backupDisk
Left unnecessary slash after "project" and rewrite all content on "backupDisk" by project files (instead of sync project folder on it)
eran | 15 years ago | on: My weekend project - AES encryption for Gmail or anything else
Today I've updated key derivation to use pbkdf2 (1000 cycles, google chrome execution time around 2 sec)
eran | 15 years ago | on: My weekend project - AES encryption for Gmail or anything else
MITM issue fixed, all resources are loading over SSL
eran | 15 years ago | on: My weekend project - AES encryption for Gmail or anything else
Thank you point me out. Definitely, I need to implement PBKDF2 (and add salt to password). I planning this, but weekend is too short and finally I just put SHA256 for key derivation.
But, until you describe, I do not recognize what the principal difference between hash and password based key derivation function, thanks.
eran | 15 years ago | on: My weekend project - AES encryption for Gmail or anything else
Thank you for advice about cert service! Awesome. Will request SSL cert right now.
I consciously left scripts uncompressed, so anybody can look what going on behind the scene. Also, I'll publish source code on github as soon as clean it up. Then I make compressed version.
eran | 15 years ago | on: My weekend project - AES encryption for Gmail or anything else
Thank you for link, very interesting stats. FF also has reasonable URL limit. At least for some browsers I can do it.
eran | 15 years ago | on: My weekend project - AES encryption for Gmail or anything else
Yes, I will install ssl cert in future (at least self signed), understand the risk. Standalone bookmark is great idea, but I am not sure if I can fit script to 2048 bytes. Maybe, I'll make html5 cache manifest to avoid network access.
eran | 15 years ago | on: My weekend project - AES encryption for Gmail or anything else
Sure, but on modern browsers only (utilizing html5 file API). I am thinking about implementing RSA private key generation and online public key registry in future.
eran | 15 years ago | on: My weekend project - AES encryption for Gmail or anything else
I use counter mode with 256 bit key
Key is generated as sha256 hash of the user password
page 1