RESEARCH: Code Integrity Checks - glenw921/TripleCrypt GitHub Wiki
NOTE!!: If a TripleCrypt (TC) host device is to be shared by more than one user (such as a family that only has one offline device), then it is essential that controls be put in place to make it hard for one user to spy on the TC Vault content of another. Without them, a co-user could modify TC's code so that it captures the other user's credentials or secrets.
FROM o1 chat:
-- Tamper Detection or Code Integrity Checks --
To further protect against the risk of modified PWA code, you can implement code integrity checks:
Subresource Integrity (SRI): This allows the PWA to ensure that the JavaScript or other resources loaded have not been tampered with. If the attacker modifies the PWA and attempts to load it, integrity checks would fail, preventing the PWA from running.
Signed Code: Ensuring the PWA code is signed and verified could prevent unauthorized tampering. If the attacker modifies the code and the signature no longer matches, it would alert the user or stop the app from functioning properly.
TASKS: (1) Look into each of these more deeply. Good cryptography practices can ensure that authentication-skipping code modifications are unworkable/useless, but it might be nice to give people comfort that the code and included libraries are unmodified.