Perhaps of interest here... -------- Original Message -------- Subject: Javascript Cryptography Considered Harmful Resent-Date: Mon, 12 Sep 2011 14:36:47 +0000 Resent-From: [email protected] Date: Mon, 12 Sep 2011 16:36:15 +0200 From: Henry Story <[email protected]> To: WebID XG <[email protected]>
An interesting article http://www.matasano.com/articles/javascript-cryptography/ WHAT DO YOU MEAN, "JAVASCRIPT CRYPTOGRAPHY"? ============================================ We mean attempts to implement security features in browsers using cryptographic algoritms implemented in whole or in part in Javascript. You may now be asking yourself, "What about Node.js? What about non-browser Javascript?". Non-browser Javascript cryptography is perilous, but not doomed. For the rest of this document, we're referring to browser Javascript when we discuss Javascript cryptography. WHAT ARE SOME EXAMPLES OF "DOOMED" BROWSER CRYPTOGRAPHY? ======================================================== You have a web application. People log in to it with usernames and passwords. You'd rather they didn't send their passwords in the clear, where attackers can capture them. You could use SSL/TLS to solve this problem, but that's expensive and complicated. So instead, you create a challenge-response protocol, where the application sends Javascript to user browsers that gets them to send HMAC-SHA1(password, nonce) to prove they know a password without ever transmitting the password. Or, you have a different application, where users edit private notes stored on a server. You'd like to offer your users the feature of knowing that their notes can't be read by the server. So you generate an AES key for each note, send it to the user's browser to store locally, forget the key, and let the user wrap and unwrap their data. [...] Henry Social Web Architect http://bblfish.net/ _______________________________________________ woes mailing list [email protected] https://www.ietf.org/mailman/listinfo/woes
