On Fri, Mar 25, 2011 at 6:53 PM, Kamyar Navidan <[email protected]> wrote: > You may find this library useful if you want to go with solution 2: > > https://github.com/maxogden/ezcrypto-js
Thanks Kamyar, The GitHub project's "about" section mentions "WARNING: JavaScript crytography is still more or less the wild west. See this article for a pretty decent explanation of what you are getting yourself into. Use at your own risk.", and so I spent most of the article reading the aforementioned "this article", as well as other articles on that site. I think I've come to agree with the author in that trying to implement a cryptographically secure application in pure JavaScript has got me pretty nervous. He lists many additional issues that a JavaScript based solution would have to solve that native apps would not need to solve (http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/). What I'm wondering now is if perhaps it might be worth the effort to use the native labs, invoked by CouchDB via an Erlang-native bridge API, and then exposing this API to the JavaScript functions embedded in the views, so that we can rely tried-and-tested open source cryptographic libraries reviewed and audited by professional cryptographers. Do you think there would be any interest from the CouchDB committer community in pursuing this? It'll be a while before I can participate in this, as I don't know any Erlang yet. - Nebu
