- From: Nico Williams <nico@cryptonector.com>
- Date: Thu, 9 Jun 2011 16:23:52 -0500
- To: David Dahl <ddahl@mozilla.com>
- Cc: public-web-security@w3.org, Jarred Nicholls <jarred@sencha.com>
On Thu, Jun 9, 2011 at 4:17 PM, David Dahl <ddahl@mozilla.com> wrote:
>> Alright, you've found a use for JS crypto for which I can get
>> on-board. Although key management is a problem (e.g., if derived from
>> a password then an attacker could mount offline dictionary attacks
>> after acquiring a copy of the ciphertext).
>>
>> (Or did you mean on the client-side?)
>>
> The client does all crypto operations and the server is only given
> cipher text to store - and, yes, key management is still a problem,
> which I know is a huge problem that will have a solution at some point.
> I think starting small and focused is a good way to get things rolling.
> This API is useful enough as is, and a key management and exchange API
> will be designed to complement this.

You've sold me on one clever use for JS crypto APIs. Given that I can
ignore my concern regarding false sense of security in other uses.

I'm still concerned that developers will not use crypto correctly
(consider the CBC padding oracle vulnerabilities we've seen in the
past), so I'd rather we offer AEAD APIs than, or at least in addition
to, say, raw AES APIs.

Nico
--
Received on Thursday, 9 June 2011 21:24:25 UTC