[MatthiasPfau]

Crypto within the browser is a challenge, but possible. Here are some points to consider: 1. You need strong random numbers. 2. The browser automatically downloads the client application on each reload. 3. XSS attacks are a problem for all applications running in a browser. 4. Beware of browser plugins: They might log keys entered (Never install evil plugins!)

This is how we mitigate these challenges: 1. We use the Fortuna algorithm to generate strong random numbers, seeded with crypto.getRandomValues(), mouse events, key events, ping times, and the state of the random generator of previous sessions. 2. We install the application to the browser cache. A reload only happens upon releasing an application update and the user gets notified automatically. Alternatively you can run your own application locally (see github). The download of the application is secured with SSL and DANE. 3. XSS: We use google-caja to mitigate XSS attacks and will introduce Content Security Policy (CSP) within a few months. Any further concerns, just ask!