ppl say js crypto is slow but it's actually nothing compared to how long it takes to insert a 3mb encrypted blob into an HTML textarea
@jrmithdobbs and in the absence of a native implementation is full of timing side channels that can be used to recover private keys
@bascule I'm not even sure I can estimate the increase in difficulty vs verifying native impl in the real world of microcode. Or if there is
@bascule Think the real issue comes in bootstrapping the environment and it being forced to be tied to x509/TLS in the real world right now.
@bascule combined with the semantics of JS scoping you never REALLY know what code's running. Timing side channels seem resolvable in comp
@bascule thankfully w3c determined to ensure this never gets improved. Lol web crypto or whatever they called that worthless shit.
@bascule but re: the timing issue, can be addressed somewhat by repurposing wheat/chaff concept and burning cycles using random junk keys.
@bascule just expensive and inefficient. I think hw getting to point where feasible for real application tho.
@bascule I mean, we can't just give up on platforms with timing issues. Just for browser based JS that's the least of the problems.
@jrmithdobbs I'm not sure what crack you're smoking but keep it to yourself, please
@bascule in all honesty with some thought I'm not convinced this is *impossible* just difficult.
@bascule I actually have some node+client code that does 2 factor auth in browser but it's so unsafe I feel irresponsible even showing.
@bascule Ya, exactly. Tried to fit that explanation into the tweet and failed. ;p