by lmm 4549 days ago
Don't implement your own crypto. Better people than you have tried and failed. Everyone should know this by now. If you can innovate on the usability, that's great, and we really do need that - but build it on top of a well-known, peer-reviewed protocol like OpenPGP. It's not like it's even any harder than rolling your own.

Definitely. I'm really interested in the progress of OpenPGP.js. It could possibly replace a lot of the sketchier parts of Cryptocat.
Even if it does, it still won't help. Crypto in the browser is like playing soccer in a minefield: either you don't move or you lose a leg. Either way, your game is hosed.

The issues are, to put it mildly, insurmountable. The environment is simply too toxic to trust. Between standard Web security flaws, timing attacks (what happens when one context can detect the timing of another? Remember, the code is slow, so your resolution doesn't have to be good), inadequate random number generators, an inability to securely manage memory (don't want key materials floating around), etc.

I'd rather trust Bob's Discount Car And Certificate Authority than JS crypto.

Unfortunately, after the recent revelations this is how I feel about computers in general :)