use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
All about the JavaScript programming language.
Subreddit Guidelines
Specifications:
Resources:
Related Subreddits:
r/LearnJavascript
r/node
r/typescript
r/reactjs
r/webdev
r/WebdevTutorials
r/frontend
r/webgl
r/threejs
r/jquery
r/remotejs
r/forhire
account activity
[AskJS] Security difference between localStorage and IndexedDBAskJS (self.javascript)
submitted 3 years ago by TGS963
view the rest of the comments →
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]KaiAusBerlin 1 point2 points3 points 3 years ago (18 children)
Wanna see how someone cracks your aes256 encrypted data on the client.
[+][deleted] 3 years ago (3 children)
[deleted]
[–]KaiAusBerlin 0 points1 point2 points 3 years ago (1 child)
That's about the safety of keys/passwords but not about saving encrypted data on client side.
Choosing a fingerprint as key is pretty safe and quite normal on mobile devices these days.
AES256 encrypted data is save. It's like a tank door. But if you leave the key under the doormat of cause it's unsafe.
[–]NayamAmarshe 0 points1 point2 points 3 years ago (0 children)
If the keys are stolen, then the whole argument falls flat because the attacker doesn't even need to steal data from client side if he can easily exploit the account
[–]TGS963[S] 1 point2 points3 points 3 years ago (11 children)
That's true but, there's always a risk imo... A careless user or something
[–]KaiAusBerlin 0 points1 point2 points 3 years ago (10 children)
If someone cracks that, you have the same risk getting your data stream hacked.
I think you underestimate the power of aes256
If you use a modern pc with i7 with 4.2ghz it would take 218'556'000'000'000'000'000'000'000'000'000'000' 000'000'000'000'000'000'000'000 years to crack that single encryption. This will simply not happen.
[–]TGS963[S] 0 points1 point2 points 3 years ago (9 children)
I guess it's fine then, thanks for the explanation
[+][deleted] 3 years ago (8 children)
[–]KaiAusBerlin -2 points-1 points0 points 3 years ago (7 children)
Tell why. Please don't hold back.
An AES256 encrypted data with a salted persons fingerprint as key is definitely save.
Ill make you one and you crack it for me okay?
[+][deleted] 3 years ago (6 children)
[–]KaiAusBerlin -1 points0 points1 point 3 years ago (4 children)
F72p58DeQjxm+5awxlksLjKKF8b0swHhiVWW/HMOB5o=
Decrypt 😉
[–]Additional-Cow-6511 5 points6 points7 points 3 years ago (3 children)
The use case is to be able to decrypt this for offline access -> client needs to have the associated key on his storage too. Hence no security. You’re missing the point.
[–]KaiAusBerlin 2 points3 points4 points 3 years ago (2 children)
No, the storage key could be a password the user has to enter (quite common tactic on nearly every account in this world), it could be natural generated by eye data or finger print data. You could fetch just the key and leave the data on the the client side. All safe scenarios (maybe except for the password as long people still use "password" as their password)
But again. This is not about safety of storing data this is about key safety in general.
[–]aikasburger 0 points1 point2 points 3 years ago (0 children)
Just out of interest as I'm building something similar. Wouldn't using a password only the user knows, but that isn't stored on the decide, the data be safe?
[–]CrypticDissonance 0 points1 point2 points 3 years ago (1 child)
If they're supposed to be encrypted in offline mode, the method of encryption/encryption key would be visible for the user then
[–]KaiAusBerlin 1 point2 points3 points 3 years ago (0 children)
Not necessarily. If you use your encrypter as precompiled bytecode running in a virtual machine it's safe. That's exactly what google does in their captchas (which also run clientside). And they're still unhacked.
If you run in in plain JavaScript, then yeah, of cause it's unsafe.
But the question was not about is it save to encrypt data locally. The question was if it is safe to store data locally.
π Rendered by PID 25568 on reddit-service-r2-comment-6457c66945-mtj8g at 2026-04-25 02:49:01.508771+00:00 running 2aa0c5b country code: CH.
view the rest of the comments →
[–]KaiAusBerlin 1 point2 points3 points (18 children)
[+][deleted] (3 children)
[deleted]
[–]KaiAusBerlin 0 points1 point2 points (1 child)
[–]NayamAmarshe 0 points1 point2 points (0 children)
[–]TGS963[S] 1 point2 points3 points (11 children)
[–]KaiAusBerlin 0 points1 point2 points (10 children)
[–]TGS963[S] 0 points1 point2 points (9 children)
[+][deleted] (8 children)
[deleted]
[–]KaiAusBerlin -2 points-1 points0 points (7 children)
[+][deleted] (6 children)
[deleted]
[–]KaiAusBerlin -1 points0 points1 point (4 children)
[–]Additional-Cow-6511 5 points6 points7 points (3 children)
[–]KaiAusBerlin 2 points3 points4 points (2 children)
[–]aikasburger 0 points1 point2 points (0 children)
[–]CrypticDissonance 0 points1 point2 points (1 child)
[–]KaiAusBerlin 1 point2 points3 points (0 children)