Improve security #1

Open: atoponce wants to merge 2 commits into base: gh-pages

@atoponce atoponce commented Sep 8, 2017

  • Remove all trackers
  • Replace Math.random() with a uniform cryptographically secure RNG
  • Increase password entropy from 28-bits to 73-bits

@allixsenos
Owner

hi @atoponce,

I apologize for missing this (idk why but I don't get any sort of notification from GitHub when someone creates a pull request here), and I thank you for your contribution.

I only noticed once someone else submitted part of what you did here.

I merged theirs (use WebCrypto instead of Math.random) because it doesn't change the site, just improves it.

I disagree with the removal of google analytics, I would very much like to know how much the site is used. Considering I'm not doing any sort of monetization at all, this is a hard requirement from me and I am not likely to give it up. Mixpanel I wasn't even aware was being used, I'm fine with that being removed.

I also disagree with the change in template, but I would welcome a discussion (and contributions) to a UI that lets you pick different templates and persist your choice in localstorage. The current template is not "super secure" but it is a comfortable limit of what people can easily remember. If you're not remembering these passwords, you're better off using something else anyway :)
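
The change discussed in this thread, replacing Math.random() with a uniform, cryptographically secure RNG, sketched as an added example; it is not code from this pull request or from the project. The `SETS` table, the template symbols and the function names are assumptions made up for illustration, and the entropy figure it computes holds only because each pick is uniform.

```javascript
// Added example: character sets and template symbols are constructed,
// not the project's own template.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Return an integer in [0, n), every value equally likely.
// `value % n` alone is biased whenever 2^32 is not a multiple of n,
// so draws at or above the largest multiple of n are rejected and redrawn.
function secureRandomInt(n) {
  if (!Number.isInteger(n) || n < 1 || n > 0x100000000) {
    throw new RangeError('n must be an integer in [1, 2^32]');
  }
  const limit = 0x100000000 - (0x100000000 % n);
  const buf = new Uint32Array(1);
  let value;
  do {
    webCrypto.getRandomValues(buf);
    value = buf[0];
  } while (value >= limit);
  return value % n;
}

// Hypothetical template alphabet: each symbol names a character set.
const SETS = {
  C: 'BCDFGHJKLMNPQRSTVWXZ', // 20 consonants (constructed)
  v: 'aeiou',                // 5 vowels (constructed)
  d: '0123456789',           // 10 digits
};

function setFor(symbol) {
  const set = SETS[symbol];
  if (!set) throw new Error(`unknown template symbol: ${symbol}`);
  return set;
}

// Build a password by picking one character per template symbol.
function generate(template) {
  return Array.from(template, (s) => {
    const set = setFor(s);
    return set[secureRandomInt(set.length)];
  }).join('');
}

// Entropy in bits of a uniformly generated password:
// the sum of log2(set size) over the template.
function entropyBits(template) {
  return Array.from(template)
    .reduce((bits, s) => bits + Math.log2(setFor(s).length), 0);
}
```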
