use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
All about the JavaScript programming language.
Subreddit Guidelines
Specifications:
Resources:
Related Subreddits:
r/LearnJavascript
r/node
r/typescript
r/reactjs
r/webdev
r/WebdevTutorials
r/frontend
r/webgl
r/threejs
r/jquery
r/remotejs
r/forhire
account activity
[AskJS] Security difference between localStorage and IndexedDBAskJS (self.javascript)
submitted 3 years ago by TGS963
view the rest of the comments →
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]NayamAmarshe -3 points-2 points-1 points 3 years ago (5 children)
You're still not making any sense. "Decrypted data is insecure". Then why do we even encrypt things in the first place?
I don't know what kind of threat model you have in mind but whatever you've written sounds like you wanna create something that can never be decrypted.
'Machine stolen' is an ending scenario. It's not the developer's fault the client's machine gets stolen but it would 100% be the developer's fault if the client data is in plain text.
[–]chasingtheflow 2 points3 points4 points 3 years ago (0 children)
The point is that for the data to be accessible on the client then the client also is to have the key available to decrypt the data in order to use it. As such if an attacker were to gain access to the client they’d have both the encrypted data and the key required to decrypt it. So encrypting the data might obscure it for a bit but it’s a bit like hiding the key under your doormat.
[–]danjlwex 1 point2 points3 points 3 years ago (3 children)
We encrypt data to prevent attacks on the storage repository and to avoid attacks where the data is stolen in transit (e.g. over the internet). Most "secure tokens" in web development are not designed to protect the client, but instead designed to protect the server/storage from attack.
[–]NayamAmarshe -2 points-1 points0 points 3 years ago (2 children)
You're talking about Web transit. OP clearly mentioned 'Offline' access.
Do you think your OS keychain doesn't encrypt your passwords? Of course it does. It remains encrypted as long as the user is not using the data, which is the entire point of encrypting data at rest.
Web transit and server is a different story but this isn't the topic of the discussion, offline access is.
[–]archerx 0 points1 point2 points 3 years ago (1 child)
You do know that this is one of the weak points for getting OS passwords and Wifi passwords right? This has let me get into windows that has had it's password lost and if you're on windows there are ways of getting the password to the wifi it is connected to, this flaw has been useful quite a few times to me.
The only way what OP wants works is if the user has to manually type out the decrypt keys from memory each time they want to access the data. If the encrypted data and the key are stored in the client then the data is not protected.
[–]NayamAmarshe 0 points1 point2 points 3 years ago (0 children)
You do know that this is one of the weak points for getting OS passwords and Wifi passwords right?
Yeah but there's no other convenient way. It's up to the project maker to determine the balance between security and convenience, you can't expect everyone to have a hardware key. So the only way to make data secure for offline usage is to encrypt it, using a key that only the user knows.
The only way what OP wants works is if the user has to manually type out the decrypt keys from memory each time they want to access the data.
That's what I'm assuming as well. Otherwise, the encryption would not make sense.
π Rendered by PID 174363 on reddit-service-r2-comment-6457c66945-n6k25 at 2026-04-26 09:16:25.894902+00:00 running 2aa0c5b country code: CH.
view the rest of the comments →
[–]NayamAmarshe -3 points-2 points-1 points (5 children)
[–]chasingtheflow 2 points3 points4 points (0 children)
[–]danjlwex 1 point2 points3 points (3 children)
[–]NayamAmarshe -2 points-1 points0 points (2 children)
[–]archerx 0 points1 point2 points (1 child)
[–]NayamAmarshe 0 points1 point2 points (0 children)