Fantastic links. They should be at the top of this thread. This stuff looks really impressive to me. I'm not an expert.
I take it that it is implicitly assumed that code running on the server (which I cannot spot the source for) doesn't need to be available, to be trusted? (That there's no way you could come up with an attack through cryptanalysis, involving what the server does, since the security of the data coming from the client is all that matters?)
Fantastic links. They should be at the top of this thread. This stuff looks really impressive to me. I'm not an expert.
I take it that it is implicitly assumed that code running on the server (which I cannot spot the source for) doesn't need to be available, to be trusted? (That there's no way you could come up with an attack through cryptanalysis, involving what the server does, since the security of the data coming from the client is all that matters?)