[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: keybase.io



Russ Allbery dijo [Fri, Apr 04, 2014 at 04:23:03PM -0700]:
> > Well, please enlighten me here: Without fully auditing the Javascript
> > code you are using to do the crypto client-side, can you *really* be
> > certain your private half has not travelled to Keybase?
> 
> If Javascript running in a browser has access to your GPG secret key
> without you explicitly pasting it into the browser, I think you have
> larger problems....

Right. However, I guess that most uses of the app (other than sending
a message saying "yes I'm here, this is me") will require pasting the
key. Or not? Keybase users, please enlighten me: What do you do with
it besides just existing on teh graph?


Reply to: