undefined | Better HN

0 pointsdevy9y ago0 comments

SendSafely's workflow is quite different[1] from what I described with the encrypted static HTML email attachment. And I don't like the idea of sharing the confidential data over 3rd part cloud storage even if it's encrypted.

[1]: https://www.sendsafely.com/howitworks/

0 comments

1 comments · 1 top-level

wyc9y ago

I agree there are differences, including transit route and format.

Here are the similarities I saw:

- Payload is encrypted client-side by the sender

- Encrypted payload is decrypted client-side by the receiver

- 3rd party provides the unlock passphrase

I think I'd much prefer standard AES to AES sprinkled with a bit of proprietary magic, as the latter is more likely to introduce new attack vectors than not.

j / k navigate · click thread line to collapse