by mdp 4754 days ago
It's definitely a questionable JavaScript library; I wrote it back in 2008 after reading the Wikipedia article :)

It was designed to interop with OpenSSL's default command line AES crypto, which has some weak points, mostly around the IV selection.

That being said, the biggest weakness will always be that it's running in the browser and open to injection attacks.

But while I think there are definitely better crypto chat solutions out there, it's nice to see people taking an interest in the subject. And let's not kid ourselves, the vast majority of NSA data collection is probably less about sophisticated encryption attacks, and more about the clever application of political/police powers.
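
For context on the OpenSSL interop mentioned in the comment above, here is an added example (not part of the comment and not the library's code) of how the password mode of `openssl enc` derives both the AES key and the CBC IV from the passphrase and the 8-byte salt stored in the `Salted__` header, so the IV is never chosen independently of the key. Assumptions: AES-256-CBC, and MD5 with a single iteration (the `EVP_BytesToKey` default before OpenSSL 1.1.0); the passphrase, salt and placeholder ciphertext are constructed sample values.

```python
import hashlib

MAGIC = b"Salted__"  # header written by `openssl enc` in salted password mode


def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int = 32, iv_len: int = 16):
    """EVP_BytesToKey with MD5, count=1: D_i = MD5(D_{i-1} || password || salt).

    Key and IV are consecutive slices of D_1 || D_2 || ..., so both are fully
    determined by (password, salt).
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.md5(block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def parse_openssl_blob(blob: bytes):
    """Split raw `openssl enc` output into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not a salted openssl enc blob")
    return blob[8:16], blob[16:]


def derive_for_blob(password: bytes, blob: bytes):
    """Return (salt, key, iv, ciphertext) for a blob and a candidate passphrase."""
    salt, ciphertext = parse_openssl_blob(blob)
    key, iv = evp_bytes_to_key(password, salt)
    return salt, key, iv, ciphertext


# Constructed sample input: the 32 zero bytes stand in for ciphertext.
SAMPLE_PASSWORD = b"correct horse"
SAMPLE_SALT = bytes.fromhex("0102030405060708")
SAMPLE_BLOB = MAGIC + SAMPLE_SALT + bytes(32)

if __name__ == "__main__":
    salt, key, iv, _ = derive_for_blob(SAMPLE_PASSWORD, SAMPLE_BLOB)
    print("salt:", salt.hex())
    print("key :", key.hex())
    print("iv  :", iv.hex())
    # Same passphrase and salt always give the same key/IV pair.
    print("deterministic:", evp_bytes_to_key(SAMPLE_PASSWORD, salt) == (key, iv))
```

Because the derivation is one pass of an unkeyed hash, its output depends entirely on the passphrase and the salt.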