ppl say js crypto is slow but it's actually nothing compared to how long it takes to insert a 3mb encrypted blob into an HTML textarea
-
-
Replying to @jrmithdobbs
@jrmithdobbs and in the absence of a native implementation is full of timing sidchannels that can be used to recover private keys4 replies 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule Think the real issue comes in bootstrapping the environment and it being forced to be tied to x509/TLS in the real world right now.1 reply 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule combined with the semantics of JS scoping you never REALLY know what code's running. Timing side channels seem resovable in comp1 reply 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule thankfully w3c determined to ensure this never gets improved. Lol web crypto or whatever they called that worthless shit.2 replies 0 retweets 0 likes -
Replying to @jrmithdobbs
@jrmithdobbs are you literally arguing "Fuck WebCrypto, let's just implement everything ourselves in JavaScript?"1 reply 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule and that I don't think the timing issues are the only, let alone worst, parts of the problem.2 replies 0 retweets 0 likes
@jrmithdobbs sure, I wrote a whole blog post to that effect: http://tonyarcieri.com/whats-wrong-with-webcrypto …
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.