
I'm curious as to why you think that?

I only took a glance at their "why we built this" page, but it seems sound to me. Also, it seems to serve a different purpose to wormhole.

Wormhole allows you to easily and securely transfer files between two machines, if I understand correctly.

This is a convenient way to generate a public / private key pair and share your public key with someone encoded in a URL. In turn they can conveniently encrypt a short message using your public key which is also encoded in a URL for sending back over an insecure channel.

Being in the browser and having to trust it is not sending anything online, is not ideal. But on paper the concept seems pretty sound to me. I think it's a cool idea and can imagine it could come in useful.




> Being in the browser and having to trust it is not sending anything online, is not ideal. But on paper the concept seems pretty sound to me.

This seems contradictory. If the main thing that's useful is that it uses URLs/browsers, but using URLs/browsers breaks the security of the system, what part of it seems pretty sound?


I mean the concept of generating a private / public key pair and sharing a public key is pretty sound.

If your browser is compromised or can't be trusted then you have bigger problems.

But if we assume this site can be trusted not to send secrets online (which is easy to verify) and they are not rolling their own crypto primitives in javascript, then the idea is pretty sound imo.

Personally I would use gpg or openssl for this, but it's not that easy for non-technical users.


> But if we assume this site can be trusted not to send secrets online (which is easy to verify)

This would require every sender and recipient to read and understand the JavaScript on every page load, because there’s no guarantee that the server is sending every request the same content. It is in fact not easy, especially for non-technical users.

If we’re just assuming the site is trustworthy, the public key crypto isn’t necessary. If the site isn’t trustworthy, the public key crypto isn’t secure, because the site is in a position to compromise the private keys.
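
The point made in the last comment, that there is no guarantee every request is served the same content, as an added example that is not part of the thread or the site's own code: it pins a digest of the bytes that were audited and flags any later load that differs. The resource paths and contents are constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib


def bundle_digest(resources: dict) -> str:
    """Digest one page load: every path and body, in a fixed order."""
    h = hashlib.sha384()
    for path in sorted(resources):
        # Length-prefix each field so ("a", b"bc") and ("ab", b"c") differ.
        for field in (path.encode(), resources[path]):
            h.update(len(field).to_bytes(8, "big"))
            h.update(field)
    return "sha384-" + base64.b64encode(h.digest()).decode()


def unaudited_loads(audited: dict, loads: list) -> list:
    """Indices of loads whose bytes are not the ones that were audited."""
    pinned = bundle_digest(audited)
    return [i for i, load in enumerate(loads) if bundle_digest(load) != pinned]


def changed_paths(audited: dict, load: dict) -> list:
    """Paths added, removed or modified relative to the audited copy."""
    paths = set(audited) | set(load)
    return sorted(p for p in paths if audited.get(p) != load.get(p))


# Constructed sample: the copy someone read and reviewed once.
AUDITED = {
    "/index.html": b"<script src='/app.js'></script>",
    "/app.js": b"function encrypt(msg, pub) { /* audited build */ }",
}

# Constructed sample: three later page loads from the same URL.
LOADS = [
    dict(AUDITED),                                   # identical bytes
    {**AUDITED, "/app.js": b"function encrypt(msg, pub) { /* other build */ }"},
    {**AUDITED, "/extra.js": b"/* script not present at audit time */"},
]

if __name__ == "__main__":
    for i in unaudited_loads(AUDITED, LOADS):
        print(f"load {i}: differs from audited copy in {changed_paths(AUDITED, LOADS[i])}")
```

The audit only vouches for loads whose digest matches; anything else is code nobody has reviewed, regardless of how small the difference is.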



