@BrendanEich A very good start for protecting browsers from the NSA: implement an in-browser JS password hasher (window.crypto.pbkdf2?)
@kyledrake @BrendanEich I think the best thing browsers could do is implement “server relief” for the PHC winner function /cc @veroq
-
-
@BrendanEich@bascule@kyledrake@VeroQ So noted. WebCrypto will do at least PBKDF2. http://www.w3.org/TR/WebCryptoAPI/#pbkdf2 … -
.
@rlbarnes@BrendanEich@bascule@kyledrake@VeroQ PBKDF2 is useless: JS-based scrypt implementation will beat native PBKDF2 in attack cost -
@dchest@rlbarnes@BrendanEich@bascule@kyledrake@VeroQ webcrypto is useless without safe code distribution -
@touced@dchest@rlbarnes@BrendanEich@kyledrake@VeroQ I wrote a whole blog post about that ;) -
@bascule@dchest@rlbarnes@BrendanEich@kyledrake@VeroQ it seems to be always the neglected "detail" about it -
@bascule ah yeah, saw it a while ago, I'll give it a reread
End of conversation
New conversation
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.