
Stanford Javascript Crypto Library - ColinWright
http://bitwiseshiftleft.github.com/sjcl
======
thirsteh
something something tptacek

Javascript Cryptography Considered Harmful -
<http://www.matasano.com/articles/javascript-cryptography/>

~~~
tptacek
SJCL is a very nice piece of code. Not all Javascript has to run in a browser.

~~~
thirsteh
That's what it'll be used for, and what it's advertised for, though ("SJCL is
cross-browser!", "SJCL is a project to create a secure [...] cross-browser
library for cryptography in Javascript") By your own argument such libraries
are inherently insecure regardless of the niceness of their implementation.

To be fair, the authors do state that they believe it provides the best level
of security attainable via Javascript/in the browser, and that it's not on par
with desktop applications--but that's just it. It shouldn't be done in the
browser in the first place. The fact that it's written by Stanford students
makes it even worse: It'll make people more inclined to do the wrong thing.

