NoSSL is not using Forge, because we wanted to support a JS/PHP
combination for most websites (e.g. based on WordPress, Joomla,
TYPO3 and so forth). I think that Forge is based on Node.js for the
server side, if I am not mistaken.

In my personal view, one of the big flaws in crypto-science is that there
is not one complete crypto library (like PGP or sodium) where every
single function is implemented equally in these languages, so that
function results are interchangeable: JS/Node.js, PHP, Python, C#, Java,
Ruby, (Perl).

When asking myself why encryption for everyday stuff like e-mails or
for your own website is so unpopular, I can only come up with the reason
that it is too "difficult" or rather too tedious to use. As seen during
the Facebook-buys-WhatsApp reaction, when almost 1 million people went
to buy Threema, this was only a very temporary storm. The Threema sales
never increased as steeply after this 3-day boost ever again. Even I, as
someone who understands something about crypto, rarely use GPG for my
e-mails, as often enough the other party does not know how to use it or I
am missing my private key on a different local installation of my
numerous e-mail clients.

NoSSL was invented because, as a software company, we host dozens of
websites for clients with logins. None of the sites contain critical
information, so if hackers could intercept the traffic, no harm would
be done. However, the passwords used for the logins by our clients may
be the same that they use on PayPal, Amazon, etc. The risk of these
passwords being intercepted on e.g. a public Wi-Fi is pretty high, as
every idiot knows how to install Wireshark. With NoSSL I think most of
the bad guys are locked out. Also, if they are not in the same LAN,
security agencies can only intercept AES-256 encrypted traffic, which I
believe they still cannot decipher.

We tried to make NoSSL so extremely simple that we hope it may become
popular, especially with the planned WordPress/TYPO3 plugins. Also, the
prerequisite was that you can just integrate it into your existing PHP
code without thinking about it any more.
It has these nice features:

- If JS is disabled or when the handshake with the server for the server
key has not taken place, the submit buttons of the forms are hidden and
a warning is displayed automatically.
- It supports some kind of perfect forward secrecy, as you can set the
time interval the server key is valid (e.g. server RSA key changes
every 24 hours).
- Resending of messages as an attack is blocked, as a unique message key
is stored on the server side in its own file database.
- Upon sending a form, the form is copied, encrypted and then sent to
the server. On the PHP side, everything is automatically decrypted and
put into the $_REQUEST/$_POST/$_GET variables, so the existing
PHP program remains oblivious to NoSSL and can function undisturbed.
- Only 3 lines of code have to be added to implement NoSSL into the
existing code.
- AJAX requests are automatically encrypted (when using jQuery).

As soon as the plugins are out, I'll notify you.

Martin


On 13.09.2014 14:05, Fabio Pietrosanti (naif) wrote:
> On 9/13/14, 4:53 AM, Dr. M. Weihrauch wrote:
>> Hi all:
>>
>> This may be somewhat off-topic here, but we just released NoSSL V1.1,
>> which can encrypt stuff from the browser to any PHP-server (automatic
>> form-encryption and encrypting AJAX-requests) in the browser before
>> sending to the PHP-server. On the server, everything is decrypted
>> automatically, so PHP-scripts work undisturbed with NoSSL.
> Is NoSSL using Forge JavaScript TLS implementation or a new one?
>
> I've opened a ticket here
> https://github.com/digitalbazaar/forge/issues/84 to implement
> something similar to what you're achieving using NoSSL but leveraging
> Forge TLS implementation.
>
> Let us know
>
> -- 
> Fabio Pietrosanti (naif)
> HERMES - Center for Transparency and Digital Human Rights
> http://logioshermes.org - http://globaleaks.org - http://tor2web.org
>
>
> _______________________________________________
>
> http://openpgpjs.org
> Subscribe/unsubscribe: http://list.openpgpjs.org


-- 
---------------------------------
Priv.-Doz. Dr. med. Martin Weihrauch
Specialist in Internal Medicine,
Hematology and Medical Oncology
VSCO.NET
Elsternweg 6
50997 Köln
GERMANY
Tel: 02233-6278658
Fax: 02233-6278659
Mob: 0163-9600829
[email protected]
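
The replay check named in the feature list above (a unique message key recorded server-side in a file), as an added example that is not NoSSL's code and not part of the original message. The class name `ReplayCache`, the JSON file layout, the 32-hex-character key format, and the choice to expire entries after the server key's lifetime are all assumptions; expiry is only sound if ciphertext made for a retired server key no longer decrypts. Requires PHP 8.

```php
<?php
declare(strict_types=1);

// Added illustration only; ReplayCache and its file format are hypothetical.
final class ReplayCache
{
    public function __construct(
        private string $path, // JSON file mapping message key => first-seen time
        private int $ttl      // assumed: lifetime of the server key, in seconds
    ) {}

    /** True if the key is new (and now recorded), false if it is a replay. */
    public function accept(string $messageKey, ?int $now = null): bool
    {
        $now ??= time();
        if (!preg_match('/\A[0-9a-f]{32}\z/', $messageKey)) {
            return false; // assumed key format: 128 random bits, hex-encoded
        }
        $fh = fopen($this->path, 'c+');
        if ($fh === false || !flock($fh, LOCK_EX)) { // serialise concurrent requests
            throw new RuntimeException('cannot lock replay cache');
        }
        try {
            $raw = stream_get_contents($fh);
            $seen = $raw === '' ? [] : json_decode($raw, true);
            if (!is_array($seen)) { // fail closed rather than forget old keys
                throw new RuntimeException('replay cache unreadable');
            }
            // Keys older than the TTL belong to a retired server key.
            $seen = array_filter($seen, fn($t) => $now - $t < $this->ttl);
            if (isset($seen[$messageKey])) {
                return false;
            }
            $seen[$messageKey] = $now;
            ftruncate($fh, 0);
            rewind($fh);
            fwrite($fh, json_encode($seen));
            return true;
        } finally {
            flock($fh, LOCK_UN);
            fclose($fh);
        }
    }
}

// Constructed demo: the same key is submitted twice within the key lifetime.
$cache = new ReplayCache(tempnam(sys_get_temp_dir(), 'rc'), 86400);
$key = bin2hex(random_bytes(16));
var_dump($cache->accept($key), $cache->accept($key));
```

The exclusive lock around read, check and write is what keeps two simultaneous copies of the same request from both being accepted.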
