Show HN: aes.io - secure storage/collaboration with client-side JS crypto

Oblig: JavaScript crypto considered harmful. <a href="http://www.matasano.com/articles/javascript-cryptography/" rel="nofollow">http://www.matasano.com/articles/javascript-cryptography/</a><p>The site doesn't address any of the concerns. Why? Well, because they can't. Client-side JS is fundamentally, unfixably insecure.

Trekkin posted yesterday in the discussion regarding Microsoft's SkyDrive (<a href="http://news.ycombinator.com/item?id=4265621" rel="nofollow">http://news.ycombinator.com/item?id=4265621</a>) and not being familiar with the project I asked him to post a ShowHN so more folks could chime in regarding the use of clientside JS cryptography.<p>I asked about the library/implementation used and it is BouncyCastle compiled/convertered to JS using GWT.<p>The common discussion/blog references I've also pointed out but for everyone else have a look at these: <a href="http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/" rel="nofollow">http://rdist.root.org/2010/11/29/final-post-on-javascript-cr...</a> and <a href="http://www.matasano.com/articles/javascript-cryptography/" rel="nofollow">http://www.matasano.com/articles/javascript-cryptography/</a> .

I went full server side encryption with <a href="https://truefriender.com" rel="nofollow">https://truefriender.com</a> I relied on SSL for the client to server communication. However the user holds a key that is not stored on the server, so without that key the text on the server is unreadable, if you try entering an incorrect PIN you can see what I mean.<p>I've submitted to HN but didn't make the front page, check it out if you're interested in this stuff.

Interesting. How difficult was it to get the Bouncy Castle crypto lib to compile with GWT?

This site more or less does the same thing as deadrop.us so why do I need to sign up?