-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 18.02.2012 22:26, schrieb venom00: > From a certain point of view SJCL should be the best choice because > comes from a university research project and this should guarantee > the quality and the security of the code, but on the other hand I > found some bad things in its code, quite scaring.
Argument from authority (it must be good because it is from a university) is not really an argument. We should definitly look into their work and not just use it blindly. If we would build a "normal" program this would be "ok", but not with a crypto library where every part is crucial. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPQPRYAAoJECvXQ9f0b0HosfkH/3WIaCAVW3sgkBljCmWaH+wO kStUw4F10U3K+R6LEx+QgLh9E8lqeR9kIar2ic9moAf7g9uI0+zw4KadVtuMLeCW W6Mbh58Ov5F6OqhRabVzsdnVW4TheT0boj1b9mKN028TDLLf9oqWNhFnIoaaddiW i/5YxKcW/KH1P7hpw7ewNdz5yp8OAr0OIG4BD/OSjRIRZuTSzo5beSBg+hpK4+Xw zmWGFHZZkMdaOFiM42mRSXhuihET/qcghW9O7gDpJpC5J8HHUjHJkJXx6r9VK04G 7Bg7jV4SBZcgigAOpnH1gxEN+D5DAdOmpAIcKepWJNuV3uk54jkwSbW2JEhG3vA= =8u6W -----END PGP SIGNATURE----- _______________________________________________ http://openpgpjs.org
