by stevekl 4296 days ago
And don't forget the End-to-End project[1], which is the JavaScript crypto library by Google.

The significance of these types of projects extends beyond browser privacy. As crypto-currencies become more prominent, we NEED better, carefully audited JavaScript crypto libraries.

Right now, all the crypto code is home-baked, e.g.: https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/src/e...

While I think they are all doing a fine job, it is unsettling to think that this mission-critical crypto code is not vetted by cryptographers.

In fact, a few months ago, there was a bug where the nonce for each signature was not set properly that basically meant you were able to work out the private key for 2 different signatures. Some users lost funds due to the bug.

These open initiatives will lay an important foundation.

[1] https://code.google.com/p/end-to-end/
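The nonce bug described in the comment above is the failure mode that deterministic nonce derivation (RFC 6979) is designed to prevent: the ECDSA nonce is computed from the private key and the message hash, so two different messages do not share a nonce even when the random number generator misbehaves. The following is an added example, not code from this thread or from bitcoinjs-lib; the function name `deterministicNonce`, the use of Node.js, and the choice of secp256k1 with HMAC-SHA256 are assumptions.

```javascript
const crypto = require('crypto');

// Order n of the secp256k1 group (the curve used for Bitcoin signatures).
const N = BigInt('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');

// HMAC-SHA256 over the concatenation of the given buffers.
const hmac = (key, ...parts) =>
  crypto.createHmac('sha256', key).update(Buffer.concat(parts)).digest();
// 32-byte big-endian buffer <-> BigInt conversions (qlen = hlen = 256 bits here).
const toInt = (buf) => BigInt('0x' + buf.toString('hex'));
const toOctets = (x) => Buffer.from(x.toString(16).padStart(64, '0'), 'hex');

// RFC 6979 section 3.2: derive the per-signature nonce k from the private key
// (a BigInt in [1, n-1]) and the SHA-256 hash of the message.
// Same key + same message -> same k; a different message -> a different k.
function deterministicNonce(privKey, message) {
  const h1 = crypto.createHash('sha256').update(message).digest();
  const x = toOctets(privKey);            // int2octets(x)
  const z = toOctets(toInt(h1) % N);      // bits2octets(h1)
  let V = Buffer.alloc(32, 0x01);         // step b
  let K = Buffer.alloc(32, 0x00);         // step c
  K = hmac(K, V, Buffer.from([0x00]), x, z);  // step d
  V = hmac(K, V);                             // step e
  K = hmac(K, V, Buffer.from([0x01]), x, z);  // step f
  V = hmac(K, V);                             // step g
  for (;;) {                                  // step h
    V = hmac(K, V);
    const k = toInt(V);
    if (k >= 1n && k < N) return k;       // accept only a nonce inside [1, n-1]
    K = hmac(K, V, Buffer.from([0x00]));  // otherwise re-key and try again
    V = hmac(K, V);
  }
}
```

The returned `k` is what the signing routine would use in place of a randomly drawn nonce; the elliptic-curve arithmetic itself is outside this example.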

3 comments

I don't think that JS or any other interpreted/JIT-compiled crypto code will ever be vetted by cryptographers. Simply the fact that you can't control the memory, CPU cache and instruction scheduling means that your code is vulnerable to at least side-channel exploits.

The Stanford Javascript Crypto Library was written / overseen by Dan Boneh who is a serious cryptographer by any definition.

http://bitwiseshiftleft.github.io/sjcl/

> We believe that SJCL provides the best security which is practically available in Javascript. (Unfortunately, this is not as great as in desktop applications because it is not feasible to completely protect against code injection, malicious servers and side-channel attacks.)

And? It's vetted by a cryptographer who noted the caveats that apply. Do you take 'vetted' to mean 'unreservedly recommend'?

I would, yes.

His disclaimer mentions three game-over problems.

Obligatory link to "Javascript Cryptography considered harmful" which neatly summarizes the pitfalls here: http://matasano.com/articles/javascript-cryptography/

Browser extensions are cryptographically signed and verified, while web application javascript is not.

The problem isn't with javascript, it is with delivering javascript in a web-based application (amongst other concerns).

Most of the other concerns about web delivered javascript also don't apply to extension security. Example: a web application can't interfere with the execution of extension code since extensions reside within their own context and cross-origin rules apply (there are special APIs accessible only from the extension to call into the web javascript).

End-to-end from Google is a browser extension, and it is signed by the developers and then verified on install. It is more secure than a traditional desktop software installation.

Holy crap, people are actually using javascript crypto for bitcoin‽

They also pretty commonly use in-browser JS SHA256 to derive private keys from human-generated passphrases: https://brainwallet.github.io/ There have been reports of pretty obscure, but still guessable, keys being cracked this way.

Bitcoin is fascinating just because it makes these sorts of things worth untraceable money, sometimes a lot of money, and puts it in the hands of people who have never had that sort of responsibility. Whatever else cryptocurrency does, maybe it will teach laypeople about these things, devise new ways to teach them and new technological measures to increase their safety.

An excellent use of an interrobang!