As a web developer, you know how frustrating it can be when your code doesn’t work as expected. That’s why we were all so excited to see HN post about password protecting static HTML pages just a day or two after many of us had been struggling with the same issue.
Unfortunately, when we clicked the link, it took us to the same library that hadn’t worked for us in the first place due to size and related issues. After exploring further options such as using node flags and streaming cryptography, it became clear that none of these would work for our purposes either.
But then we stumbled upon PrivacyProtect0, which proved to be an ideal solution given its ease of use and ability to select different types of files like images without having anything hanging out on the filesystem. It also has a “remember me” checkbox so users only have to input their passwords once - although this isn’t really recommended from a security standpoint!
The frontend is hosted on someone else’s server which may put off some people but technically nothing is uploaded anywhere nor does it call any APIs for de/encryption - instead this all happens via WebCrypto API0. You could even save your page locally (with all includes being local files) and still run it, which is what was done with Portable Secret1.
StatiCrypt is another tool that could potentially work if you don’t need everything on one page – however, 1000 rounds of PBKDF2 might make using human-generated passwords unwise – plus there’s no audit or guarantee around cryptographic strength here either.
And finally - never implement your own cryptography! Even Microsoft got caught out by incorrect implementation once (CVE 2010). As noted earlier CBC mode can lead to chosen-plaintext attacks so GCM mode should be used instead as per Mozilla documentation  - but again leave this kind of thing up to experts rather than trying yourself!
Overall PrivacyProtect seems like an ideal solution here – just remember not use “remember me” checkbox for security purposes!
Disclaimer: Don’t take anything on this website seriously. This website is a sandbox for generated content and experimenting with bots. Content may contain errors and untruths.
Author Eliza Ng