Cyph Alternatives

cyph reviews and mentions

• Ask HN: Why no browser-based E2E encryption?
  2 projects | news.ycombinator.com | 17 Mar 2024

  [where this model breaks down] -- Alice and Bob go to your website and have a conversation. Eve hacks into the website and modifies the E2EE code. She can switch between serving the normal webapp and the malicious non-E2EE webapp. There's no good way to detect it. There are people out there who really like end to end security, but don't like browser-based e2ee because it doesn't have end to end security.

  Note: https://www.cyph.com/ is a bbE2EE chat system.

• E2EE on the web: is the web that bad?
  2 projects | news.ycombinator.com | 19 Feb 2024

  If we do care about the delta in security model between the web and other platforms, then we could build some kind of code bundling and signing mechanism for web applications, perhaps with some kind of transparency layer on top to make the code publicly auditable and make it harder to target specific users with malicious code. A bundling/signing/transparency solution for the web could probably be built out of some of a collection of mechanisms that already exist or have at least been explored. Related ideas include Subresource Integrity, Isolated Web Apps, Signed Exchanges and Web Packaging, Meta’s Code Verify extension, and source code and supply chain transparency proposals.

  Incidentally, I've actually just recently developed a solution to this exact problem: https://www.websign.app.

  WebSign started a while back as an internal framework used by the Cyph E2EE messenger (https://www.cyph.com), and @eganist and I gave a talk that covered part of the architecture at Black Hat and DEF CON. Now we have a static web hosting service built around it for others to use, which takes care of bundling and code signing during deployment.

  If anyone here has a use case for it, we're looking for pilot customers now. Just shoot me an email at [email protected].

• r/crypto - Cyph - Encrypted Messenger
  1 project | /r/CryptoToFuture | 9 Oct 2021
• Cyph - Encrypted Messenger
  1 project | /r/cypherpunk | 9 Oct 2021
  1 project | /r/pgp | 9 Oct 2021
  1 project | /r/crypto | 9 Oct 2021
• Graph of Keybase commits pre and post Zoom acquisition
  6 projects | news.ycombinator.com | 9 Oct 2021

  https://github.com/cyph/cyph

  It would be wasteful to throw away the Web of Trust (people with handles to keys) that everyone entered into Keybase. Hopefully, Zoom will consider opening up the remaining pieces of Keybase if not just spinning the product back out to a separate entity?

  W3C DIDs and https://blockcerts

  From https://news.ycombinator.com/item?id=19185998 https://westurner.github.io/hnlog/#comment-19185998 :

  > There's also "Web Key Directory"; which hosts GPG keys over HTTPS from a .well-known URL for a given user@domain identifier: https://wiki.gnupg.org/WKD

  > GPG presumes secure key distribution

  > Compared to existing PGP/GPG keyservers [HKP], WKD does rely upon HTTPS.

  Blockcerts can be signed when granted to a particular identity entity:

  > Here are the open sources of blockchain-certificates/cert-issuer and blockchain-certificates/cert-verifier-js: https://github.com/blockchain-certificates

• A note from our sponsor - SaaSHub
  www.saashub.com | 10 May 2024

  SaaSHub helps you find the best software and product alternatives Learn more →