Comment Seriously? RTFM (Score 1) 90
Am I the only one who read the read the article?
The Mylar system supports searching of the encrypted data and encryption with multiple, separate keys allowing multiple users to have access to specific records without requiring any key sharing.
The server can operate in a completely compromised fashion (in theory), as the data is all encrypted on the client side, before it goes to the server, and the server will never have the plaintext or the key to decrypt the ciphertext.
They seems to be operating under the assumption that it is much harder to compromise all the clients than a single server...unfortunately I don't think that claim holds up as there is nothing to prevent compromise of the clients if the server is compromised, via simple XSS-like attacks, which will be trivial since it will be same-origin.
IMHO, the only way to make something like this really work, would be hardened browser clients, with special encryption APIs which cannot be directly accessed by code that the server can inject (NOT JavaScript).
The Mylar system supports searching of the encrypted data and encryption with multiple, separate keys allowing multiple users to have access to specific records without requiring any key sharing.
The server can operate in a completely compromised fashion (in theory), as the data is all encrypted on the client side, before it goes to the server, and the server will never have the plaintext or the key to decrypt the ciphertext.
They seems to be operating under the assumption that it is much harder to compromise all the clients than a single server...unfortunately I don't think that claim holds up as there is nothing to prevent compromise of the clients if the server is compromised, via simple XSS-like attacks, which will be trivial since it will be same-origin.
IMHO, the only way to make something like this really work, would be hardened browser clients, with special encryption APIs which cannot be directly accessed by code that the server can inject (NOT JavaScript).