[ablankst]

I'm on the engineering team at Blockstack, and wrote the client-side encryption functions used by applications.

I totally agree with the idea that if software uses encryption, it should be documented, open-source, and ideally use a standard encryption protocol. Being able to say "this is exactly how encryption works" in a system is important, and I'm glad you're asking these questions.

Encryption in Blockstack apps is performed client-side via library calls in blockstack.js (our javascript library). The encryption routines are implemented here [1], and implement ECIES, using the user's application-specific private key. That private key is passed to an application during the application authentication process [2]. All a blockstack application has to do is pass { "encrypt": true } in the storage routines, and this is invoked.

We definitely would like to provide better documentation and messaging around how applications engage and use our client libraries -- and documenting our encryption routines is part of that. However, in the meantime, you can feel free to check out or codebase (it's all open source), and we'd always welcome any kind of feedback!

[1] https://github.com/blockstack/blockstack.js/blob/master/src/...

[2] https://github.com/blockstack/blockstack.js/blob/feature/aut...

[peterwwillis]

Nobody who's serious about security is going to use an app that does crypto in javascript. Why not make browser plugins to avoid this complication?

Not to mention, if browser makers take their existing browser storage functionality and make more flexible interfaces for them, your app will be kind of useless, as the browser could sync user data with arbitrary cloud providers.

[rkangel]

Is there a fundamental issue with crypto in JS (side-channel attacks?) or is it just that available crypto libraries in JS are immature?

[cjg]

The normal complaint about crypto in JS is that, as a user, I cannot tell what JS is going to be delivered to me this time. Perhaps a security letter forced an update to broken crypto.

[twiss]

In Airborn.io, I've solved this by installing some code in a Service Worker, which verifies all updates: http://blog.airbornos.com/post/2017/08/03/Transparent-Web-Ap...

The SW stays installed for when you open the web app the next time, in essence making it a trust-on-first-use scheme.

I'm working on a library: https://github.com/airbornio/signed-web-apps

It would be cool if other web apps (including Graphite?) could implement it too.

[saas_co_de]

This is solved: https://developer.mozilla.org/en-US/docs/Web/Security/Subres...

If you really care you can check the integrity hash on your scripts before using every time.

That gives you more security than the update in your OS or Browser so they are a weaker link.

[peterwwillis]

From https://www.nccgroup.trust/us/about-us/newsroom-and-events/b...

"OK, THEN I'LL JUST SERVE A CRYPTOGRAPHIC DIGEST OF MY CODE FROM THE SAME SERVER SO THE CODE CAN VERIFY ITSELF."

"This won't work."

Your comment that "That gives you more security than the update in your OS or Browser" is patently false, I don't know why you'd suggest that.

[saas_co_de]

> THEN I'LL JUST SERVE A CRYPTOGRAPHIC DIGEST OF MY CODE

1) Javascript is open source and you can audit the code you are running.

2) You can save the HTML of a page and run your local copy so that you know the JS can't change or check the hash every time

Can you audit the code of your OS or Browser? In theory, if you are on Linux, but in practice it is too complex and voluminous for one person to do.

A browser based app is usually in the thousands of lines of open source code running in a sandbox that is very easy to debug.

The browser environment is the most secure and most easily user auditable environment there is.

Unless you expect all of your users to build your app from source on linux that they built from source you can't really get better security.

"Javascript Cryptography Considered Harmful" is old FUD. It was barely coherent when first published and the only legitimate arguments it had have been fixed.

[tasn]

Shameless plug:

I created a browser extension to solve just that: https://github.com/tasn/webext-signed-pages/

It lets devs PGP sign their web apps and verifies those signatures. We use it for the EteSync (https://www.EteSync.com) web client.

[peterwwillis]

This explains it: https://www.nccgroup.trust/us/about-us/newsroom-and-events/b...

[explorigin]

Please stop propagating this article. Its positions are out of date.

FTA: WHAT'S HARD ABOUT DEPLOYING JAVASCRIPT OVER SSL/TLS?

You can't simply send a single Javascript file over SSL/TLS. You have to send all the page contentover SSL/TLS. Otherwise, attackers will hijack the crypto code using the least-secure connection that builds the page.

---- Seriously? Serving entire websites over https is the norm these days. It appears as though the article has been added to but not updated. Current advocates should re-read the article.

[peterwwillis]

There's like 30 different points in this article.

[explorigin]

Yes, I didn't really want to go through each point in the article. But here's a few things to consider as you read it:

    - The article reads like those arguments we have in our heads where we always win.
    - The article is from 2011
    - The article says "come back in 10 years when people aren't running browsers from 2008" 
      (we're not to 2021 yet but the majority of browsers are evergreen now)
    - We have SubtleCrypto now
    - We have SubResourceIntegrity
    - We have CORS and CSP

The article has some valid points, but I posit that it is more harmful than helpful. We need an Mozilla-style "arewesecureyet" website instead.