W3C home > Mailing lists > Public > public-identity@w3.org > September 2011

Re: Javascript Cryptography Considered Harmful

From: Nico Williams <nico@cryptonector.com>
Date: Wed, 21 Sep 2011 15:25:55 -0500
Message-ID: <CAK3OfOioZN2vH3zxCYTZ2Y=2LTnXm+xUVL2k9WF8sxDeg0fQNg@mail.gmail.com>
To: Henry Story <henry.story@bblfish.net>
Cc: public-identity@w3.org
On Wed, Sep 21, 2011 at 2:22 PM, Henry Story <henry.story@bblfish.net> wrote:
> An interesting article. I have not yet read it through in detail. I was wondering what people made of it here.
> http://www.matasano.com/articles/javascript-cryptography/

At the W3C IDBROWSER workshop some of us said that JS crypto would be
a bad thing overall.

My reasons:

 - without a way to trust the script, you get no real benefit, but you
get a false sense of security ("my widget uses military-grade

 - we need cryptographic protocols, yes, but there's not so many use
cases where JS is an appropriate place to implement them (maybe
something like OTR, if the script can be trusted);

 - developers will make serious mistakes in putting together crypto
primitives incorrectly.

However, we did discuss some possible legit uses of JS crypto.  For
example, suppose user profile data were stored encrypted, with the key
being stored on the user-agent device (or derived locally from a
password) and sent back to the server unencrypted (over TLS, of
course) when the server needs it.  This would encourage servers to not
store user profile data in the clear (nor decryption keys for it) when
the user is logged out.

Received on Wednesday, 21 September 2011 20:26:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:00:47 UTC