For use cases where trusting any 3rd party with secrets is not an option (long-term personal private keys), I'm rather interested in what the tradeoffs are when storing secrets in different ways only on the client side.
In the extreme case you can store secrets on an air-gapped, disconnected computer, sign there, and transfer to a hot computer via USB or a picture of a QR code so the secret never leaves. But what can be done to improve UX for those who prefer it, and how much do we have to give up for it?
I am really curious specifically about friendlier choices on the client side:
Then you can store data inside HTML (like props), inside React state, query strings, hash strings, local storage, session storage, or global objects. What is visible to other websites open in the same browser? What is visible to your network provider? What is visible to another user of your computer? Can you isolate access to stored data to only specific request sources? How much access do browser extensions have (a lot)? Even if I encrypt the secret on the client with a PIN I only memorized, how do I handle the cleartext secret when I use it, and how do I dispose of it safely? Do I recommend users incognito mode, guest mode, Chrome offline mode, a sandbox or a VM? A wide range of choices, but I haven't figured out yet what is worth the difficulty.
I keep searching, but most advice is for server-based apps to trust servers :(