[conorgil145]

Wouldn't it make even more sense to use the Web Crypto API instead of any JS crypto library loaded from the server?

[viktorelofsson]

Yes, that would probably make sense for the browsers that supports it. Which seems to be mostly everyone except IE.

It will be fixed in the next update!

[tptacek]

Don't bother. You won't gain any meaningful security, and you'll be using the same error-prone, outmoded constructions. Even if you had built this application in perfect, error-proof Haskell, it would still be insecure because of the way you're using AES. Adopt a credible NaCL library.

Really though, if you're interested in crypto, I strongly urge you not to go the route of trying to build crypto applications. The crypto apps people really need are extremely hard to build safely.

A better place to start with crypto is to learn how to break it. The cryptopals challenges are programming intensive and don't have any prerequisites; or, check out LVH's Crypto 101.

[viktorelofsson]

I took your advice from the other comment and started using TweetNaCl.js which had some pretty good endorsements :)

I’ll definitely check out some more sources on crypto in general. Thanks for the input, really!