Search code examples
javascriptsecuritycryptographyw3c

WebcryptoAPI - secure or not?

This is about the new W3 WebcryptoAPI draft standard - http://www.w3.org/2012/webcrypto/WebCryptoAPI/

Here is a post by one of it's authors

https://plus.google.com/u/0/105761279104103278252/posts/CSwVZ1RUijo

It says its in part trying to change the "Javascript Cryptography Considered Hamrful" problem. However if you look at the "Javascript Cryptography Considered Hamrful" article - http://www.matasano.com/articles/javascript-cryptography/ - it seems as if most of the problems still remain unsolved. The only problem solved is that you won't have hand coded cryptographic functions in javascript - these will be provided by the browser. However, the remaining problems still remain.

Your thoughts?

Solution

  • Javascript crypto has two main problems:

    1. There is functionality that can't be written well in pure javascript. Namely a PRNG and side channel free operations. WebCryptoAPI solves these issues. So it's certainly a significant step forward.

    2. If the server becomes malicious it can serve you evil javascript. With the current architecture it's very unlikely that you catch him. WebCryptoAPI does not solve this issue.

      This is a difficult problem for which we have no good solution yet. There are some approaches to solving this problem.
      For example in the article Verifiable Logs: Solving The “Cryptocat Problem” Ben Laurie suggests that the content the webserver severs could be logged with some notaries making it possible to catch evil servers. Unfortunately this isn't easy to deploy.