Hi Bruno,
thank you for your answers
On Wed, 2013-11-27 at 11:27 -0200, Bruno Oliveira wrote:
Good morning Apostolos, answers inline.
For this release, asymmetric encryption wasn’t our first priority becausethe development
of the server for key management will be necessary. We are aware about NIST
recommendations, but if you want some sense of high encryption and paranoia, we should
never use standard curves recommended by NIST.
That said, the solo reason to stick to default values is because we didn’t start the
development of the server as well the tests between client/server.
makes sense
JS cryptography is already tough to deal with, introduce weak RNGs would make things
worse.
Into this scenario, if for some reason the browser doesn’t support it, we can raise an
error or something like that.
+1 for a meaningful thrown error that WebCryptoAPI is not implemented by
the browser
Thanks,
Tolis