This post originated from an RSS feed registered with Python Buzz
by Phillip Pearson.
Original Post: Enter the Greasemonkey
Feed Title: Second p0st
Feed URL: http://www.myelin.co.nz/post/rss.xml
Feed Description: Tech notes and web hackery from the guy that brought you bzero, Python Community Server, the Blogging Ecosystem and the Internet Topic Exchange
Basically it's a Greasemonkey script that decrypts bits of Blowfish-encrypted HTML it sees in your browser. So not just something to use for encrypted feeds - it will work just fine for any content that's been encrypted just for you. But I guess it's an XML.com article, and there isn't any XML involved if you don't mention syndication :-)
As Joe says:
One observation is worthwhile at this point. Nothing about this Greasemonkey script is particular to syndication. In fact, you could use this technique to publish and read encrypted content on the Web regardless of whether it was included in a syndication feed.
This is incredibly useful, as it really nicely solves the problem of moving really sensitive data through totally untrusted channels. I don't know how Blowfish works - whether it's a public-and-private-key-type cipher, or what - but it's conceivable that a bank website which already sends sensitive information to you could also send you a key to load into your browser and consequently decrypt information in an RSS feed also provided by the bank.
Although... there's a vulnerability here in that somebody could archive your RSS feed for many years until the cipher gets broken, then they'd have access to all your old bank records. Hmm. So maybe not.
How about if the encrypted content wasn't the actual data, but a link to something that would produce something keyed to your current key? The link could be configured to die after a week or so, so somebody cracking your key years later would just get a bunch of useless URLs. Hmm...
Previous Topic
