by rudin 4546 days ago
Guy creates a blog and his first single post is to discourage someone truly trying to innovate in the cryptography space (though admittedly more in usability aspects).

After listening to Glenn Greenwald at the CCC it was quite clear that cryptography that is easier to use than PGP is really needed in this world (he almost lost the Snowden story due to it). I think that Nadim needs to be encouraged. Sure, point out any flaws but aim for constructive feedback.

The points here centre around it being "not good enough". This is a bit of a chicken and egg problem and isn't really helpful.

2 comments

Don't implement your own crypto. Better people than you have tried and failed. Everyone should know this by now. If you can innovate on the usability, that's great, and we really do need that - but build it on top of a well known, peer-reviewed protocol like OpenPGP. It's not like it's even any harder than rolling your own.

Definitely. I'm really interested in the progress of OpenPGP.js. It could possibly replace a lot of the sketchier parts of Cryptocat.

Even if it does, it still won't help. Crypto in the browser is like playing soccer in a minefield: either you don't move or you lose a leg. Either way, your game is hosed.

The issues are, to put it mildly, insurmountable. The environment is simply too toxic to trust. Between standard Web security flaws, timing attacks (what happens when one context can detect the timing of another? Remember, the code is slow, so your resolution doesn't have to be good), inadequate random number generators, an inability to securely manage memory (don't want key materials floating around), etc.

I'd rather trust Bob's Discount Car And Certificate Authority than JS crypto.

Unfortunately, after the recent revelations this is how I feel about computers in general :)

Well a blog is probably going to have a first article :\

I agree that the "world" could benefit from an easier-to-use cryptography product than PGP (even though I'm fine with PGP) and I think that this post is valid criticism.

Disclaimer: Not a cryptography expert in any way, neither annoyed by the fact cryptography is hard and will probably benefit from processes like peer-review.