[aerogear-dev] AeroGear JS Crypto questions/findings
Apostolos Emmanouilidis
aemmanou at redhat.com
Wed Nov 27 11:21:33 EST 2013
Hi Bruno,
thank you for your answers
On Wed, 2013-11-27 at 11:27 -0200, Bruno Oliveira wrote:
> Good morning Apostolos, answers inline.
>
>
> For this release, asymmetric encryption wasn’t our first priority because the development of the server for key management will be necessary. We are aware of the NIST recommendations, but if you want some sense of high encryption and paranoia, we should never use standard curves recommended by NIST.
>
> That said, the sole reason to stick to default values is because we didn’t start the development of the server as well as the tests between client/server.
>
makes sense
>
>
> JS cryptography is already tough to deal with; introducing weak RNGs would make things worse.
> In this scenario, if for some reason the browser doesn’t support it, we can raise an error or something like that.
>
+1 for a meaningful thrown error that WebCryptoAPI is not implemented by
the browser
Thanks,
Tolis
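
Added example (not part of the original message and not AeroGear's code): one way to fail closed when the browser has no Web Crypto RNG, as discussed in the thread, instead of falling back to a weak generator. The names `SecureRandomUnavailableError` and `secureRandomBytes` are hypothetical; the provider parameter is an assumption added so the behaviour can be exercised without a browser.

```javascript
// Added illustration; all names here are hypothetical, not AeroGear API.
class SecureRandomUnavailableError extends Error {
  constructor(detail) {
    super('No cryptographically secure RNG available: ' + detail);
    this.name = 'SecureRandomUnavailableError';
  }
}

// Web Crypto rejects requests above 65536 bytes per getRandomValues() call.
const MAX_BYTES_PER_CALL = 65536;

// Returns `length` random bytes from `provider` (defaults to the platform's
// Web Crypto object). Fails closed: there is no Math.random() fallback.
function secureRandomBytes(length, provider = globalThis.crypto) {
  if (!Number.isInteger(length) || length < 0) {
    throw new RangeError('length must be a non-negative integer');
  }
  if (!provider || typeof provider.getRandomValues !== 'function') {
    throw new SecureRandomUnavailableError(
      'crypto.getRandomValues is not implemented by this environment');
  }
  const out = new Uint8Array(length);
  for (let offset = 0; offset < length; offset += MAX_BYTES_PER_CALL) {
    // subarray() returns a view, so the provider writes directly into `out`.
    provider.getRandomValues(out.subarray(offset, offset + MAX_BYTES_PER_CALL));
  }
  return out;
}
```

Callers can catch the error by `name` and tell the user that key generation is unavailable, instead of continuing with predictable keys or IVs.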