Hanshan's avatar
Hanshan hanshan@nostr.land 2 years ago
OK someone breaking AES-256 encryption is not in my threat model. and i also can and do have a secure offline backup that can be restored anytime. it doesn't require chasing down stray bits. but its a difference in design philosophy and I respect your approach.
↑ Parent

Replies (1)

mleku's avatar
mleku _@mleku.online 2 years ago
i'm not so stupid as to think that AES-256, which isn't even a protocol actually, it's a collection of them, and the difference that matters, can be broken. it's always side channels and handshakes and this sort of thing. i don't know how my brave sync got breached but a device appeared on the list that i definitely did not put there. so i presume it was the browser itself was penetrated, and specifically the access to the memory where that key is stored. i think you are way too trusting, and let's just leave it at that. anyone who pins their security on a web browser is on the road to trouble.