On Feb 18, 2012, at 9:35 PM, [email protected] wrote: > > Anyway, in a JavaScript environment, more than the actual AES > implementation, the actual PRNG used is what may create a real > difference on the overall security of the processed data. >
Agreed, that's also why I was suggesting that you use parts of SJCL they have done quite a good study on how to implement a proper PRNG and ways to collect entropy. I saw some funny stuff (but I must say I didn't audit it properly and what I say should be taken with a grain of salt) in the entropy collection code. Such as entropy collection code that is commented out: https://github.com/clipperz/javascript-crypto-library/blob/master/js/Clipperz/Crypto/PRNG.js#L361 - Art. _______________________________________________ http://openpgpjs.org
