Mylar: A platform for building secure web applications

Also of note:<p>* <a href="https://crypton.io/" rel="nofollow">https:&#x2F;&#x2F;crypton.io&#x2F;</a> a zero-knowledge web framework from SpiderOak<p>* <a href="http://hails.scs.stanford.edu/" rel="nofollow">http:&#x2F;&#x2F;hails.scs.stanford.edu&#x2F;</a> a secure web platform framework for untrusted 3rd party plugins

Paging tptacek; come in tptacek...

From the blurb:<p>Mylar protects data confidentiality even when an attacker gets full access to servers. Mylar stores only encrypted data on the server, and decrypts data only in users&#x27; browsers. Simply encrypting each user&#x27;s data with a user key does not suffice, and Mylar addresses three challenges in making this approach work.<p>First, Mylar allows the server to perform keyword search over encrypted documents, even if the documents are encrypted with different keys. Second, Mylar allows users to share keys and data securely in the presence of an active adversary. Finally, Mylar ensures that client-side application code is authentic, even if the server is malicious.

It seems absolutely ridiculous that large piles of data are being stolen by small teams of hackers. If solutions like Mylar&#x27;s prevent reading of the extracted data, that sounds promising. Sure, it&#x27;s just another hurdle in an attack but it&#x27;s something.<p>I wonder if we&#x27;re only a few years away where technologies and practices like this become standard?

Well why not go to the next level and have the attackers host your services?

So someone builds a nice secure and useful framework&#x2F;platform which is great. But why not put some effort to mention some more details or documentation about how to use it, sample, tutorials etc?

&quot;First, Mylar allows the server to perform keyword search over encrypted documents, even if the documents are encrypted with different keys.&quot;<p>I thought some big tech corporation owned the patent on that.