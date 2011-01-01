I've used it to build a non-profit decentralized encryption tool that can be used to send and receive files that will self-decrypt using SJCL, JavaScript FileReader, and HTML5 download attributes.
User A creates a password to encrypt a file using this client-side mechanism - which produces a self-decrypting HTML file. User B opens this HTML file in their browser which will ask them for the password to decrypt the file allowing them to download the original file all without a server. The homepage can be downloaded and self-hosted at will.
https://zipit.io/
reply
And also:
XSS vuln on your website? crypto.js is useless since attacker will just exfiltrate your private key / password through XSS.
The browser is wonderful for UI but mashing together code and markup and then trying to permissively parse and execute it never goes well for security.
Even if it's secure against XSS, HTTPS is intact, etc, you are ultimately putting presumably sensitive data into code someone else wrote and then allowing it to run on your machine with explicit network access.
The crypto implementation may be flawed, or the developer may even send your private key up or other data that you don't expect it to be sending (whether it is out of lack of understanding, accident or malice). It would be nearly impossible for you to spot if it's just sent as part of the big blob of encrypted data you expect it to be sending. The blob being bigger than you expect might be a clue, but the only way to know for sure is to audit the code, and if the code if obfuscated/minimized that could be quite the task in itself.
This is really not a problem of browser crypto at all; this is a problem of trust of the code you're executing and using.
Not in the case of browsers' extensions or Electron/NW.js apps.
> XSS vuln on your website? crypto.js is useless since attacker will just exfiltrate your private key / password through XSS.
It's not like buffer overread and other vulns don't exist in the non-browser world. Also, a huge amount of XSS vulns can be avoided by having a good CSP config.
Now I'm not supporting javascript crypto. Just responding to some of your points. Inb4 some crypto SJW quotes me on that.
Although I have no idea about the state of the thing.
Here is the gist, copied for convenience:
> There are libraries that do implement the desired functionality, e.g. Stanford Javascript Crypto Library. There are inherent weaknesses, though (as referred to in the link from @ircmaxewell's answer):
- Lack of entropy / random number generation;
- Lack of a secure keystore i.e. the private key must be password-protected if stored locally, or stored on the server (which bars offline access);
- Lack of secure-erase;
- Lack of timing characteristics.
> Each of these weaknesses corresponds with a category of cryptographic compromise. In other words, while you may have "crypto" by name, it will be well below the rigour one aspires to in practice.
> These concerns will likely be addressed in the WebCrypto API, but that is not here yet.
Now, are they useful and used? I don't know...
I've used it to build a non-profit decentralized encryption tool that can be used to send and receive files that will self-decrypt using SJCL, JavaScript FileReader, and HTML5 download attributes.
User A creates a password to encrypt a file using this client-side mechanism - which produces a self-decrypting HTML file. User B opens this HTML file in their browser which will ask them for the password to decrypt the file allowing them to download the original file all without a server. The homepage can be downloaded and self-hosted at will.
https://zipit.io/
reply