Skip to content Skip to sidebar Skip to footer

Secure Browser-side Cache In Local Storage

To make the question clear: is the proposal below considered 'secure'? (i.e. doesn't introduce any significant security risks). I haven't seen any clear reason why the following pr

Solution 1:

Security and cryptography is a environment where specifics really do matter and be aware that you've been very vague. Implementation is very easy to get wrong. If this is in a commercial application and data sensitive enough consider professional help.

However if you're going to try, ensure you're using a secure encryption cipher to encrypt your data otherwise you're going to open yourself up to attacks specific to your encryption method. Remembering that defaults are set for simplicity, not security. (Eg. ECB mode in block ciphers)

I would never recommend encrypting 2 identical texts with different encryption keys. Consider interlacing random text to make them not-identicle

Here are some attacks that systems like yours are generally vulnerable to:

  • Chosen-ciphertext attack
  • Known-plaintext attack
  • Random number generator attack
  • Ciphertext to plaintext length correlation

You'll also want to ensure that this encryption key is not vulnerable to XSS and other standard internet attacks.


Post a Comment for "Secure Browser-side Cache In Local Storage"