Cryptography In The Browser Using JavaScript

The lecture that I gave at the Toronto JavaScript meetup regarding cryptography in the browser using JavaScript


  1. JavaScript Crypto In The Browser
     Barry Steyn, barry.steyn@gmail.com
     March 2013
  2. Overview
     1. What Is Cryptography - Definition
     2. Cryptography In The Browser: Pros and Cons - The Pros
     3. Cryptography In The Browser: Pros and Cons - The Cons
     4. Cryptographic Jargon - Some Jargon
     5. Block Ciphers, MACs And Key Derivation Functions - Three Important Constructions
     6. The Stanford JavaScript Cryptographic Library - A Quick Intro, A Demo
  3. Cryptography: A Definition
     Wikipedia definition: "Cryptography is the practice and study of techniques for secure communication in the presence of third parties."
     • Cryptography = Computer Security
     • Cryptographic communication relies upon trust. Examples: you trust the other party you are communicating with, you trust a certificate authority, etc.
     • The fewer entities you need to trust, the better the security.
     • Therefore, a good cryptographic protocol trusts as little as possible.
  4. Cryptography In The Browser: Pros
     Why would one want to do crypto in JavaScript on the client?
     • Encrypted peer-to-peer communication.
     • Users can trust less by ensuring all crypto is done locally.
     • A JavaScript interpreter is available on most internet devices.
  5. Cryptography In The Browser: Cons
     Unfortunately, crypto security in the browser is unknown at best, and insecure at worst. Here are three reasons why:
     1. You need to download the JS crypto library from a trusted source. The less trust, the better the security.
     2. A browser is not a good environment for crypto.
     3. JavaScript's malleability is great for scripting, terrible for crypto security.
     4. For more info, see http://www.matasano.com/articles/javascript-cryptography
     You Have Been Warned!!!
  6. Cryptography: Some Jargon
     Encryption and Decryption
     • Encryption transforms a message that is in plain-text to cipher-text.
     • Decryption transforms a cipher-text message to the original plain-text.
     Encryption takes two inputs:
     • Key - kept secret
     • Plain-text message
     Decryption takes two inputs:
     • Key - kept secret
     • Cipher-text message - note that this is not secret, but is only useful if one knows the secret key
  7. Cryptography: Block Cipher and Key Derivation
     Block Cipher - the workhorse of the cryptographic world
     • Input - n byte message
     • Output - n byte cipher
     • Example block cipher: AES. Input and output are 16 bytes (128 bits).
     MAC - Message Authentication Code
     • A MAC guarantees message integrity.
     Key Derivation Function
     • A key is normally derived from something a human should remember - for example, a password.
     • A key derivation function makes storage safer. It does this by doing three things:
       1. Passwords are hashed so as not to store them in plain text.
       2. Passwords are salted to make them more secure against a rainbow attack.
       3. Key derivation is purposefully slow! Therefore, superior hardware should (in theory) struggle.
  8. SJCL
     So you still want to use crypto in the browser? Then use the Stanford JavaScript Crypto Library.
     1. Its authors are hardcore cryptographers, led by Prof. Dan Boneh of Stanford University (who personally had a hand in writing the library).
     2. It is easy to use, and it tries to make things as secure as possible while adhering to ease of use.
     3. It's small (6.4 KB compressed).
  9. SJCL - A Demo
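
An added example, not part of the original slides and not the demo given in the talk: the three constructions from slide 7 (key derivation function, block cipher, MAC) working together, with encryption and decryption taking the inputs listed on slide 6. It uses Node.js's built-in crypto module rather than SJCL; the iteration count, sample password and function names are assumptions chosen for illustration.

```javascript
// Added example: Node.js built-in crypto (not SJCL). All names are illustrative.
const nodeCrypto = require('node:crypto');

const KDF_ITERATIONS = 100000; // assumed work factor: derivation is slow on purpose
const KEY_BYTES = 32;          // AES-256 key length

// Key derivation function: password + salt -> key (PBKDF2-HMAC-SHA256).
// The salt means the same password yields a different key per message.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, KDF_ITERATIONS, KEY_BYTES, 'sha256');
}

// Encryption: secret key material + plain-text -> cipher-text.
// AES-GCM is the AES block cipher in counter mode plus a built-in MAC (the tag).
// salt, iv, ct and tag are not secret and travel with the message.
function encrypt(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Decryption: secret key material + cipher-text -> plain-text.
// Returns null when the MAC check fails (wrong key or modified message).
function decrypt(password, msg) {
  const key = deriveKey(password, msg.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  try {
    return Buffer.concat([decipher.update(msg.ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample input.
const SAMPLE_PASSWORD = 'correct horse battery staple';
const sealed = encrypt(SAMPLE_PASSWORD, 'meet at noon');

// Flip one bit of the cipher-text to simulate modification in transit.
const tampered = { ...sealed, ct: Buffer.from(sealed.ct) };
tampered.ct[0] ^= 0x01;

console.log(decrypt(SAMPLE_PASSWORD, sealed));    // original plain-text
console.log(decrypt('wrong password', sealed));   // MAC check fails
console.log(decrypt(SAMPLE_PASSWORD, tampered));  // MAC check fails
```

The cipher-text alone reveals nothing without the key, and any change to it is rejected rather than decrypted to garbage.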