by daeken 4546 days ago
Even if it does, it still won't help. Crypto in the browser is like playing soccer in a minefield: either you don't move or you lose a leg. Either way, your game is hosed.

The issues are, to put it mildly, insurmountable. The environment is simply too toxic to trust. Between standard Web security flaws, timing attacks (what happens when one context can detect the timing of another? Remember, the code is slow, so your resolution doesn't have to be good), inadequate random number generators, an inability to securely manage memory (don't want key materials floating around), etc.

I'd rather trust Bob's Discount Car And Certificate Authority than JS crypto.

1 comments

Unfortunately, after the recent revelations this is how I feel about computers in general :)