@Elucidating TootCrypt's desktop reference app stores keys in Ring 0 (kernel) where possible, and runs in highly privileged contexts, using stable accredited libraries. That makes it immune to whole classes of web-based attacks, and doesn't need to sandbox itself from the browser. It assumes everything from the instance is untrusted, and can easily sanitise the defined APIs, instead of having to sanitise an entire web application.
Conversation
Notices
-
Rushyo 🇪🇺 (rushyo@mastodon.social)'s status on Wednesday, 03-May-2017 00:33:40 UTC Rushyo 🇪🇺 - Hallå Kitteh likes this.
- Hallå Kitteh repeated this.