@BrendanEich A very good start for protecting browsers from the NSA: implement an in-browser JS password hasher (window.crypto.pbkdf2?)
-
-
Replying to @kyledrake
@kyledrake@BrendanEich I think the best thing browsers could do is implement “server relief” for the PHC winner function /cc@veroq1 reply 0 retweets 0 likes -
-
Replying to @BrendanEich
@BrendanEich@bascule@kyledrake@VeroQ So noted. WebCrypto will do at least PBKDF2. http://www.w3.org/TR/WebCryptoAPI/#pbkdf2 …1 reply 0 retweets 0 likes -
Replying to @rlbarnes
.
@rlbarnes@BrendanEich@bascule@kyledrake@VeroQ PBKDF2 is useless: JS-based scrypt implementation will beat native PBKDF2 in attack cost1 reply 0 retweets 0 likes -
Replying to @dchest
@dchest@rlbarnes@BrendanEich@bascule@kyledrake@VeroQ webcrypto is useless without safe code distribution3 replies 0 retweets 0 likes -
Replying to @touced
.
@touced@rlbarnes@BrendanEich@bascule@kyledrake@VeroQ for client-side password prehashing builtin-vs-not webcrypto doesn't matter1 reply 0 retweets 0 likes
@dchest @touced @rlbarnes @BrendanEich @kyledrake @VeroQ it can affect performance
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.