Jump to content

Recommended Posts

Hello,

 

I was reading an article regarding Evernote and Android encryption and decided to do some digging to understand how credentials are stored in the Chrome Web Clipper. I opened up the .js files in the Chrome extension directory to explore the code. It seems that the credentials are being stored in the same "flawed" manner as Android - using the XOR scheme. Better yet, the key is posted in the very same file for anyone to see.

 

My question is this: what happens if some malicious website breaks into the local storage of my browser and steals my saved credentials. Given the data available in the .js files, it seems the hacker could easily obtain my password. Does Evernote plan on addressing this credential storing scheme in the near future?

 

Referenced Article: http://arstechnica.com/security/2013/03/critics-substandard-crypto-needlessly-puts-evernote-accounts-at-risk/

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...