The NCC "browser JS crypto considered harmful" statement is nearly 8 years old. I'd love to read an updated version. https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/ …
-
-
Replying to @dietrich
Interesting, never read it before. Seems needlessly sensational and the real points I could find are largely mitigated with new web features
1 reply 0 retweets 1 like -
Replying to @EnglishMossop @dietrich
To be clear, still wouldn't advocate for writing core crypto in JS, but DOM crypto exists now, as does ubiquitous TLS.
1 reply 0 retweets 2 likes
Replying to @EnglishMossop
Yeah, between new web features and a massive shift in encryption defaults in websites (backed up by web browser security ux), the environment is pretty different. I'd like an updated version!
3:56 PM - 16 May 2019
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.