
PolyCrypt: WebCrypto API Polyfill In JavaScript Funded by Homeland Security - cleverjake
http://badassjs.com/post/40101764862/polycrypt-a-webcrypto-api-polyfill-in-javascript
======
im_dario
I understand why JS crypto is insecure (the reasons are obvious) but I get the
feeling from the linked article that even hashing a password is insecure.

Why should it be insecure to hash data locally? As I said, I understand this
for two-way algorithms (crypto) but I don't for one-way ones (hashing).

~~~
saurik
Before I say anything, most arguments against JavaScript crypto assume you are
using a browser to develop a web page; if you are not, then it shouldn't be
any different than using any other quirky scripting language.

So, the goal of hashing the password is what... to keep from sending the
password to the server? And the reason that you don't just do that (using SSL,
for example) is because you don't trust the server, right?

Well, if you have compromised the server, you can probably just return a
different version of the JavaScript that sends the password anywhere you want:
the entire premise of JavaScript assumes you trust the server.

(The code could still come from your server, and protect you and your user
against an unrelated compromise in a JSONP API service you are using. FWIW, I
think anti-JS crypto people are overly zealous.)

~~~
im_dario
Hashing the password in browser would be just another layer, just for
preventing MITM attacks (or Nokia decrypting your SSL traffic in their low-
bandwidth Internet service). But, as you said, if the server is compromised, it
just doesn't matter.

