
Why Browser Cryptography is Bad and How We Can Make It Great

Saturday, July 14, 2012: 10:00 am (Nutt): Web apps are responsible for handling a rapidly growing share of user data. This growth creates an urgent need for client-side web browser crypto standards. However, web browsers lack client-side crypto standards for building blocks such as secure block ciphers, public key schemes, and hashing algorithms. Developers currently rely on JavaScript crypto libraries to implement these functions, which can, admittedly, provide strong crypto in some situations, but still falter when faced with certain attacks. This talk will look at Cryptocat, a security-centric web-chat client with client-side cryptography, and will focus on the problems, the solutions, and the limitations of JavaScript cryptography. There will be a discussion of potential solutions to these problems, which may very well require the implementation of an integrated universal web browser standard for client-side cryptography.

Hosted by Nadim Kobeissi




HN9C13 $5.00