On 2/24/12 11:43 PM, Tankred Hase wrote:
> Hi all,
> 
> having read through the GitHub discussions, I stumbled upon a blog post
> which some of you have probably also
> read: http://www.matasano.com/articles/javascript-cryptography/
> 
> I see the Alpha-release of pgpbox very much as an opportunity for a
> sanity check. What do you guys think about the author's arguments? The
> argument about javascript not having a random number generator seems
> outdated considering the fact that window.crypto.getRandomValues() is
> now available.
> 
> You've probably had this discussion before. I'm just trying to figure out
> if I'm building something which adds real value or just creates a false
> sense of security to users.

I think the project is going very well and must continue on its path!

The matasano security article is quite old, please check the hellais
blog post and related comments that make a more objective analysis of
the javascript cryptography context:

https://hellais.wordpress.com/2011/12/27/how-to-improve-javascript-cryptography/

There's a lot of real value for javascript encryption applications, both
for Web Delivered, Plug-ins, Mobile, Locally executed.

Javascript is today the most ubiquitous language, one that can also be executed
in the browser of a $100 set-top-box of a pay-tv provider.

We need good implementations and tools for Javascript encryption!

Then, if you just look at the 2011 progress of browsers in that field and
the area of work (DOMCrypt for example), we should expect an ever more
exciting 2012 with the foundation of very good security.

Keep it strong and resist objectively against claims and critics, as for
many years JS has been considered crap-stuff, but in the HTML5 world
things are changing and crypto-veterans must update their vision!

-naif
_______________________________________________

http://openpgpjs.org
