Cryptography In The Browser Using JavaScript
The lecture that I gave at the Toronto JavaScript meetup regarding cryptography in the browser using JavaScript

Cryptography In The Browser Using JavaScript: Presentation Transcript

  • JavaScript Crypto In The Browser
    Barry Steyn, barry.steyn@gmail.com
    March 2013
  • Overview
      1. What Is Cryptography (Definition)
      2. Cryptography In The Browser: Pros and Cons (The Pros)
      3. Cryptography In The Browser: Pros and Cons (The Cons)
      4. Cryptographic Jargon (Some Jargon)
      5. Block Ciphers, MACs And Key Derivation Functions (Three Important Constructions)
      6. The Stanford JavaScript Cryptographic Library (A Quick Intro, A Demo)
  • Cryptography: A Definition
    Wikipedia definition: Cryptography is the practice and study of techniques for secure communication in the presence of third parties.
      • Cryptography = Computer Security
      • Cryptographic communication relies upon trust. Examples: you trust the other party you are communicating with, you trust a certificate authority, etc.
      • The fewer entities you need to trust, the better the security.
      • Therefore, a good cryptographic protocol trusts as little as possible.
  • Cryptography In The Browser: Pros
    Why would one want to do crypto in JavaScript on the client?
      • Encrypted peer-to-peer communication
      • Users can trust less by ensuring all crypto is done locally
      • A JavaScript interpreter is available on most internet devices
  • Cryptography In The Browser: Cons
    Unfortunately, crypto security in the browser is unknown at best, and insecure at worst. Here are three reasons why:
      1. You need to download the JS crypto library from a trusted source. The less trust, the better the security.
      2. A browser is not a good environment for crypto.
      3. JavaScript's malleability is great for scripting, terrible for crypto security.
      4. For more info, check http://www.matasano.com/articles/javascript-cryptography
    You Have Been Warned!!!
  • Cryptography: Some Jargon
    Encryption and Decryption
      • Encryption transforms a message that is in plain-text to cipher-text
      • Decryption transforms a cipher-text message to the original plain-text
    Encryption takes two inputs
      • Key - kept secret
      • Plain-text message
    Decryption takes two inputs
      • Key - kept secret
      • Cipher-text message - note that this is not secret, but is only useful if one knows the secret key
  • Cryptography: Block Cipher and Key Derivation
    Block Cipher - the workhorse of the cryptographic world
      • Input - n-byte message
      • Output - n-byte cipher
      • Example block cipher: AES. Input and output are 16 bytes (128 bits).
    MAC - Message Authentication Code
      • A MAC guarantees message integrity
    Key Derivation Function
      • A key is normally derived from something a human should remember - for example, a password
      • A key derivation function makes storage safer. It does this by doing three things:
          1. Passwords are hashed so as not to store them in plain text.
          2. Passwords are salted to make them more secure against a rainbow attack.
          3. Key derivation is purposefully slow! Therefore, superior hardware should (in theory) struggle.
  • SJCL
    So you still want to use crypto in the browser? Then use the Stanford JavaScript Crypto Library.
      1. Its authors are hardcore cryptographers, led by Prof. Dan Boneh of Stanford University (who personally had a hand in writing the library).
      2. It is easy to use, and it tries to make things as secure as possible while adhering to ease of use.
      3. It is small (6.4 KB compressed).
  • SJCL - A Demo
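
The three constructions from the block cipher, MAC and key derivation slide, combined into password-based encrypt-then-MAC. This is an added example, not part of the original presentation and not SJCL code: it uses Node.js's built-in crypto module so it runs offline, and the function names, iteration count and message layout are assumptions of this example.

```javascript
// Added example; Node.js built-in crypto stands in for a browser library.
const nodeCrypto = require('node:crypto');

const ITERATIONS = 100000; // assumed work factor: key derivation is slow on purpose

// Key derivation: password + random salt -> 16-byte AES key and 32-byte MAC key.
function deriveKeys(password, salt) {
  const okm = nodeCrypto.pbkdf2Sync(password, salt, ITERATIONS, 48, 'sha256');
  return { encKey: okm.subarray(0, 16), macKey: okm.subarray(16) };
}

// Block cipher: raw AES maps one 16-byte block to one 16-byte block.
function aesEncryptBlock(key, block) {
  const c = nodeCrypto.createCipheriv('aes-128-ecb', key, null);
  c.setAutoPadding(false); // exactly one block in, one block out
  return Buffer.concat([c.update(block), c.final()]);
}

// MAC: HMAC-SHA256 over every field the receiver will rely on.
function tag(macKey, ...parts) {
  return nodeCrypto.createHmac('sha256', macKey).update(Buffer.concat(parts)).digest();
}

// Encrypt-then-MAC: AES-128-CBC for secrecy, HMAC for integrity.
function seal(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16); // fresh salt per message
  const iv = nodeCrypto.randomBytes(16);
  const { encKey, macKey } = deriveKeys(password, salt);
  const c = nodeCrypto.createCipheriv('aes-128-cbc', encKey, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { salt, iv, ct, mac: tag(macKey, salt, iv, ct) };
}

// Verify the MAC before decrypting; a modified or wrongly keyed message is rejected.
function unseal(password, { salt, iv, ct, mac }) {
  const { encKey, macKey } = deriveKeys(password, salt);
  if (!nodeCrypto.timingSafeEqual(mac, tag(macKey, salt, iv, ct))) {
    throw new Error('MAC check failed');
  }
  const d = nodeCrypto.createDecipheriv('aes-128-cbc', encKey, iv);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}
```

The cipher-text, salt, IV and MAC are not secret and can be stored or sent together; only the password must stay private.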