Hello

On Sat, Feb 18, 2012 at 9:26 PM, venom00 <[email protected]> wrote:
> On Sat, 2012-02-18 at 21:59 +0100, Arturo Filastò wrote:
>> Such as entropy collection code that is commented out:
>> https://github.com/clipperz/javascript-crypto-library/blob/master/js/Clipperz/Crypto/PRNG.js#L361
>
> Maybe valgrind was unhappy.
> http://bit.ly/z3ZIIe
>
> Just joking,

Ok. Point taken. But, as I have already replied, this is just the code for the keyboard entropy collector. I was never sure on how many bits to collect (and neither how - the actual key, or the time when the key was pressed) so I left it commented out, opting not to collect some values whose entropy I was not sure about.

I would LOVE someone digging through Clipperz's code; I would be available to fully support any such task.

> clipperz code looks is very clean and elegant. Maybe we
> could use the async lib clipperz is using to make SJCL non-freezing (if
> web workers are not available).
>
> From a certain point of view SJCL should be the best choice because
> comes from a university research project and this should guarantee the
> quality and the security of the code, but on the other hand I found some
> bad things in its code, quite scaring.

At the moment I am working in a world leader University research center. And the quality of the code I am working on is … questionable.

I didn't look into SJCL code deeply, so I cannot express any opinion on it. I simply do not buy the rule that code developed inside a university lab is by itself better than code developed in a "commercial" project.

Cheers,

Giulio Cesare

_______________________________________________
http://openpgpjs.org

