4

I read this page about the danger of JS crypto in the browser.

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/

But the Text has been written in 2011, I wonder if new Browsers now do support better approach to JS crypto? For example, there is this site https://www.protectedtext.com/ . They offer you Pads where the text is only stored encrypted by your password on the server. Of course it is still bad, that its an unknown server that could trick me. But assuming, I would run the code on my own server, would it be still be bad encryption, simply because JS cant generate good cyphers etc?

Klimbim
  • 167
  • 5
  • There is no problem with "good ciphers" in JavaScript, it supports all the ciphers you are used to https://diafygi.github.io/webcrypto-examples/ – eckes Jun 25 '17 at 11:56
  • just found this, it looks like the question is answered already https://security.stackexchange.com/questions/133277/problems-with-in-browser-crypto/133288 – Klimbim Jun 25 '17 at 22:55
  • you can screw up any implementation, and the web has it's own challenges, but it's not rocket science. – dandavis Jun 26 '17 at 02:52

0 Answers0