W3C home > Mailing lists > Public > public-identity@w3.org > September 2011

Re: Javascript Cryptography Considered Harmful

From: John Kemp <john@jkemp.net>
Date: Wed, 21 Sep 2011 22:33:35 -0400
Cc: Henry Story <henry.story@bblfish.net>, public-identity@w3.org
Message-Id: <38C0D5A4-FC6E-442C-851B-510FB2C9049D@jkemp.net>
To: David Dahl <ddahl@mozilla.com>
On Sep 21, 2011, at 4:36 PM, David Dahl wrote:

> John:
> 
> A key generated for origin A can never be used for origin B. In fact, the private keys are inaccessible to content JS entirely.

Is the private key private to the client or to origin A? Is the server merely instructing the client on which key (generated based on instruction from the server) to use when encrypting data sent to its own origin? In other words is the server asking the client to use origin A's key to encrypt data from the client to origin A?

> 
> No doubt there are still issues, regardless. Web devs are leading here with very unsafe all-in-JS crypto primitives - and key handling. The main point is that DOMCrypt gives developers well-worn crypto primitives that have been in browsers for years. 

I think the gist of the Matasano blog post (this is my interpretation anyway) is that you can given them (Javascript developers) these things and it doesn't solve the essential problem of trust between client and server. In other words, it is still possible for an MITM to make the client believe it is interacting with a trustworthy entity, in which case, the encryption part itself is very much less useful. Or, at least, it is no more useful than SSL/TLS.

Regards,

- John

> 
> Cheers,
> 
> David
> 
> ----- Original Message -----
> From: "John Kemp" <john@jkemp.net>
> To: "David Dahl" <ddahl@mozilla.com>
> Cc: "Henry Story" <henry.story@bblfish.net>, public-identity@w3.org
> Sent: Wednesday, September 21, 2011 3:12:30 PM
> Subject: Re: Javascript Cryptography Considered Harmful
> 
> On Sep 21, 2011, at 3:55 PM, David Dahl wrote:
> 
>> I provided feedback through this blog post: http://monocleglobe.wordpress.com/2011/08/30/javascript-and-crypto/
> 
> One of the concerns of the blog post is that if you trust the server to deliver you code for doing crypto, why don't you trust the server to "just" do SSL? 
> 
> In the DOMCrypt proposal, can an origin generate a key and tell the client to use it? If so, how does that deal with the MITM which tells the browser to create a key for some origin, and then encrypt the user's password and send it to the server with that origin?
> 
> Regards,
> 
> - John
> 
>> 
>> Regards,
>> 
>> David
>> 
>> ----- Original Message -----
>> From: "Henry Story" <henry.story@bblfish.net>
>> To: public-identity@w3.org
>> Sent: Wednesday, September 21, 2011 2:22:52 PM
>> Subject: Javascript Cryptography Considered Harmful
>> 
>> An interesting article. I have not yet read it through in detail. I was wondering what people made of it here.
>> 
>> http://www.matasano.com/articles/javascript-cryptography/
>> 
>> Henry
>> 
>> Social Web Architect
>> http://bblfish.net/
>> 
>> 
>> 
> 
> 
Received on Thursday, 22 September 2011 02:34:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 22 September 2011 02:34:04 GMT