# Com apple webkit webcrypto master com apple safari password

None of these keys should be stored in the same place as the database, so the hacker would have to compromise more places in order to get the decrypted data. (See the “more proof is better than less” principle, below.) You can even split the keys up and store parts in different places. In any case, once you obtain the keys, do not save them or export them anywhere, but store them only in transient operating memory.

The private key of the user who encrypted the data can itself be encrypted and unlocked by using a valid user client device. For each device, another copy of the key would have to be stored, encrypted with that device’s private key. Each device is identified to the domain by its corresponding public key.

It’s a little-known fact that most modern browsers allow you to save Web Crypto keys on the client using the new IndexedDB API. However, once again, you don’t want to store these keys without encrypting them first. Otherwise, anyone with access to the browser’s database will be able to see the keys and steal them, allowing them to take actions on the user’s behalf.

The typical approach is to have a master key which is used to encrypt various things on behalf of the owner. This master key is then stored encrypted by one or more access keys, which are derived from a user’s passcode or biometrics (such as their fingerprint or Face ID). A user can have one access key for each of their fingers, for instance. This way, if the user adds another password or finger, they don’t have to re-encrypt all the things with it as well.
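
The master-key and access-key arrangement described above, as an added example that is not code from the original article: each passcode-derived access key wraps its own copy of the master key, so enrolling a second credential stores one more wrapped copy and leaves the encrypted data untouched. The function names, the PBKDF2 iteration count, the AES-KW wrapping choice and the sample passcodes are assumptions; biometric unlock is not modelled, and the returned records are what a page would persist in IndexedDB.

```javascript
// Added example (not from the original page). Uses the standard Web Crypto API;
// falls back to Node's webcrypto export where no global `crypto` object exists.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();
const ITERATIONS = 600000; // assumed work factor, tune for your devices

// Derive an access key from a passcode. It can only wrap/unwrap, never encrypt data.
async function deriveAccessKey(passcode, salt) {
  const material = await wc.subtle.importKey('raw', enc.encode(passcode), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey({ name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material, { name: 'AES-KW', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Wrap the master key under a fresh access key; returns the record to persist.
async function addAccessKey(masterKey, passcode) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const accessKey = await deriveAccessKey(passcode, salt);
  const wrapped = await wc.subtle.wrapKey('raw', masterKey, accessKey, 'AES-KW');
  return { salt, wrapped: new Uint8Array(wrapped) };
}

// Recover the master key from one record. A wrong passcode makes unwrapKey reject.
// The key is non-extractable unless it is being reopened to enrol a new credential.
async function unlock(record, passcode, extractable = false) {
  const accessKey = await deriveAccessKey(passcode, record.salt);
  return wc.subtle.unwrapKey('raw', record.wrapped, accessKey, 'AES-KW',
    { name: 'AES-GCM' }, extractable, ['encrypt', 'decrypt']);
}

async function demo() {
  const masterKey = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12));
  // Constructed sample data, encrypted once under the master key.
  const ciphertext = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, masterKey, enc.encode('constructed secret'));
  const slots = [await addAccessKey(masterKey, 'first passcode')];

  // Later: enrol a second credential. Only a new wrapped copy is added; ciphertext is unchanged.
  const reopened = await unlock(slots[0], 'first passcode', true);
  slots.push(await addAccessKey(reopened, 'second passcode'));

  const viaSecond = await unlock(slots[1], 'second passcode');
  const plain = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, viaSecond, ciphertext);
  const wrongRejected = await unlock(slots[0], 'wrong passcode').then(() => false, () => true);
  return { plaintext: new TextDecoder().decode(plain), slots: slots.length,
    wrongRejected, nonExtractable: !viaSecond.extractable };
}
```

Calling `demo()` resolves to an object showing that the second passcode decrypts data encrypted before it was enrolled, and that a wrong passcode fails at the unwrap step.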