WingNews logo WingNews
top | item 13821595

(no title)

9gunpi | 9 years ago

I feel WebCrypto (strange architectural choices made by people whose priorities are availability of crypto, not consistency of security) is even more questionable than running SJCL (a good crypto done by good people in questionable environment) in browser.

discuss

order

tptacek|9 years ago

I agree. Not making this up: the primary goal of WebCrypto was the elimination of Flash and plugins to enable streaming media players. It's not designed for security. It eliminates some of the least worrisome flaws in browser crypto (side-channel attacks against the lowest-level primitives) but leaves all the rest of the problems intact.

giaour|9 years ago

Can you recommend any reading on the subject? I've found WebCrypto to be a vast improvement over the alternatives.