Add quote from WebKit Web Crypto post

e707d355 · Aral Balkan · 7170f482 · e707d355
Verified Commit e707d355 authored Jan 13, 2018 by Aral Balkan
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

content/engine/technology-stack/authentication.en.md content/engine/technology-stack/authentication.en.md +1 -1

No files found.
--- a/content/engine/technology-stack/authentication.en.md
+++ b/content/engine/technology-stack/authentication.en.md
@@ -37,7 +37,7 @@ As such, the current plans for authentication are:

 ## General resources

-  * [WebKit: Update on Web Cryptography](https://webkit.org/blog/7790/update-on-web-cryptography/)
+  * [WebKit: Update on Web Cryptography](https://webkit.org/blog/7790/update-on-web-cryptography/): “When developing with pure JavaScript crypto libraries, secret or private keys are often stored in the global JavaScript execution context. It is extremely vulnerable as keys are exposed to any JavaScript resources being loaded and therefore allows XSS attackers be able to steal the keys. WebCrypto API instead protects the secret or private keys by storing them completely outside of the JavaScript execution context.”

  * [Storing Cryptographic Keys in Persistent Browser Storage](https://pomcor.com/2017/06/02/keys-in-browser/)