New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
oh haha. the data will all be encrypted, so even if someone does get access to the server, they wont be able to get anything other than encrypted data. and aes-256 isnt a easy to crack algorithm. i do have filesystem monitoring on the server which means if someone gets in and tries to change anything on the website, ill get notified. ive spent quite a lot of time hardening the server and have secured it as much as i can.
removed
Sounds good as I was worried the stored SHA was actually the encryption key. Really no way to be sure though
the client side code is not encrypted, not even minified (even comments are there), so feel free to take a look
Your best bet to encourage people adopting your web app is to not POST the client key hash at all. Leave it all on the client side JS. Once they see the encryption/decryption and the private key (hash) never leaves their local machine you'll soar. This will also provide enough visibility into your code base that it can be trusted. You can even host the crypto library JS on a trustworthy CDN (cdnjs maybe)
I will really be interested, will wait for it.
Good luck with your confidence. Just head-up, there will be someone who better than you and the most of us.
I am not sure is it safe or not. As .in domain is a high risk domain. Everyday thousand of .in website hacked by hacker. So i am not confident with this
Seriously?........
ya men just use google and you will get lot of news about indian website hacking news
here some hacking news :
the website isnt even indian -.- i just used the in extension so i could create the domain that says hostlog.in = host login
And you think it has to do with a domain extension..
HAHAHAHAHAHAHAHAHAHAHAHAH
Well, it makes sense. The domain name has a giant sign saying its the way 'in'. The new '.stealth' TLD will have better security.
I just want to say .in is a hacker focused tld extension
Any website could be targeted. What does it has to do with TLD's?
It depends on the popularity of the website.
actually, some TLDs are more susceptible because gathering large lists of domains within them are easier- don't think that's really relevant here though.
@ksubedi is this project still alive? I was just about to load all my non-sensitive info into it, but got a timeout.
@ksubedi now works for GVH, so I doubt it.
Darn, he sounded so ambitious with this project. I reckon this is a good time to open source it, then?
Well you can try, but he's not responded to me whatsoever, except through GVH's support.
is the website down? can't open it.
Maybe you can sell it cheap, like a donation of $10
"Google Chrome could not load the web page because hostlog.in took too long to respond"
yep its down > http://isitup.im/hostlog.in
I would love a self/local hosted version of this, even if it costs.
Appears to be down, http://sitemeer.com/#hostlog.in
Oops, hostlog.in appears to be down
All of my sites are .in. I've seen DDOS, and bots trying to guess the WordPress admin password, but nothing that suggests work of a hacker.
For the record, SHA or MD5 should not be used to store sensitive information like passwords/pass keys. Ideally you should never write your own password hashing functions (use PHPPass or PHPs password_hash functions). It's too easy to use an improper hashing algorithm (i.e. not crypt), to use a salt wrong etc.
wrong thread? idk how this happened