Just a small suggestion to improve the security a bit. To prevent prying eyes (or screen recording software) from seeing the password, it would be best to
- Remove the
paperencryptpassphrase div.
- Set the
paperpassphrase input type to password
- Add another input to confirm the passphrase to avoid the user making a typing mistake.
On the plus side, by using a password input if someone makes a non-HTTPS rehost of the website, the end user will be warned by their web browser that it is not secured.
Just a small suggestion to improve the security a bit. To prevent prying eyes (or screen recording software) from seeing the password, it would be best to
paperencryptpassphrasediv.paperpassphraseinput type topasswordOn the plus side, by using a password input if someone makes a non-HTTPS rehost of the website, the end user will be warned by their web browser that it is not secured.