by dublinclontarf 5461 days ago
SJCL has a bug in their RSA implementation. We're using a good bit of their code with a few changes for our web client. The idea being that we don't want to store passwords, so the web client stores an encrypted private key and everything sent to the server must be signed.

The user's ID is a SHA-256 hash of their public key and all we keep are the public keys.

Working so far in FF and Chrome, not even trying it in IE.
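
The scheme described in the post above, as an added example that is not part of the original thread and is not the poster's code. It assumes Node's built-in crypto module in place of the browser library, a user ID taken over the DER (SPKI) encoding of the public key, and hypothetical function names throughout.

```javascript
// Added example: Node's built-in crypto stands in for the browser library in the thread.
const nodeCrypto = require("node:crypto");

// Assumption: the user ID is the hex SHA-256 of the DER-encoded (SPKI) public key.
function userIdFor(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return nodeCrypto.createHash("sha256").update(der).digest("hex");
}

// Client: keep the private key only in passphrase-encrypted form.
function createAccount(passphrase) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
  });
  const encryptedPrivateKey = privateKey.export({
    type: "pkcs8", format: "pem", cipher: "aes-256-cbc", passphrase,
  });
  return { publicKey, encryptedPrivateKey };
}

// Client: decrypt the stored key with the passphrase and sign the request body.
function signRequest(encryptedPrivateKey, passphrase, body) {
  const privateKey = nodeCrypto.createPrivateKey({ key: encryptedPrivateKey, passphrase });
  return nodeCrypto.sign("sha256", Buffer.from(body), privateKey);
}

// Server: holds public keys only, indexed by an ID it derives itself
// instead of trusting an ID supplied by the client.
function register(store, publicKey) {
  const id = userIdFor(publicKey);
  store.set(id, publicKey);
  return id;
}

// Server: reject unknown IDs, then check the signature over the exact bytes received.
function verifyRequest(store, userId, body, signature) {
  const publicKey = store.get(userId);
  if (!publicKey) return false;
  return nodeCrypto.verify("sha256", Buffer.from(body), publicKey, signature);
}
```

The server-side store never sees the passphrase or the private key, so a dump of it yields only public keys and their hashes.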

2 comments

Are you at liberty to disclose what you're using this for? I'm interested in learning about legitimate use cases for SJCL.
The auth system for a stock/asset exchange.
Not sure what you mean, SJCL doesn't have an RSA implementation.
Hmmm, indeed it doesn't. Whose RSA implementation am I using, guess I've forgotten.
Probably Tom Wu's JSBN implementation...