Nytro Posted March 19, 2013

Stanford Javascript Crypto Library

The Stanford Javascript Crypto Library (hosted here on GitHub) is a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript.

SJCL is easy to use: simply run sjcl.encrypt("password", "data") to encrypt data, or sjcl.decrypt("password", "encrypted-data") to decrypt it. For users with more complex security requirements, there is a much more powerful API, described in the documentation and illustrated in this demo page.

SJCL is small but powerful. The minified version of the library is under 6.4KB compressed, and yet it posts impressive speed results. (TODO: put up a benchmarks page.)

SJCL is secure. It uses the industry-standard AES algorithm at 128, 192 or 256 bits; the SHA256 hash function; the HMAC authentication code; the PBKDF2 password strengthener; and the CCM and OCB authenticated-encryption modes. Just as importantly, the default parameters are sensible: SJCL strengthens your passwords by a factor of 1000 and salts them to protect against rainbow tables, and it authenticates every message it sends to prevent it from being modified. We believe that SJCL provides the best security which is practically available in Javascript. (Unfortunately, this is not as great as in desktop applications because it is not feasible to completely protect against code injection, malicious servers and side-channel attacks.)

SJCL is cross-browser. We hope. We've tested it on all the installed browsers on the security lab computers (including various versions of Internet Explorer, Chrome, Firefox, Safari and Opera on Mac, Linux and Windows) and on the rhino engine, but still need to do more comprehensive testing. We have a test page up on this site; if it reports any failures, please report an issue.

SJCL is open. You can use, modify and redistribute it under a BSD license or under the GNU GPL, version 2.0 or higher.

SJCL supports primarily symmetric-key cryptography, but there's an experimental branch with elliptic curve support (ECDH public key encryption and ECDSA signatures).

SJCL was written by Emily Stark, Mike Hamburg and Dan Boneh at Stanford University. Special thanks to Aldo Cortesi and Roy Nicholson for reporting bugs in earlier versions of SJCL.

A whitepaper on SJCL (also by Emily Stark, Mike Hamburg and Dan Boneh) was published in the 2009 Annual Computer Security Applications Conference.

Source: Stanford Javascript Crypto Library
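The defaults described in the quoted text above (a salted PBKDF2 key derivation with 1000 iterations, followed by authenticated encryption in CCM mode), sketched as an added example that is not part of the original posts and is not SJCL code. It uses Node.js's built-in crypto module; the function names and the message layout are assumptions made for illustration.

```javascript
// Added example: Node.js built-in crypto, not SJCL. Names and layout are hypothetical.
const nodeCrypto = require('crypto');

const ITERATIONS = 1000; // the factor quoted in the post; far higher counts are recommended today
const KEY_BYTES = 16;    // AES-128
const TAG_BYTES = 16;    // CCM authentication tag length

// PBKDF2-HMAC-SHA256: the per-message salt defeats precomputed (rainbow) tables.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_BYTES, 'sha256');
}

function encryptWithPassword(password, plaintext) {
  const salt = nodeCrypto.randomBytes(8);
  const nonce = nodeCrypto.randomBytes(12); // CCM accepts 7 to 13 byte nonces
  const cipher = nodeCrypto.createCipheriv('aes-128-ccm', deriveKey(password, salt),
    nonce, { authTagLength: TAG_BYTES });
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, nonce, ct, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the tag does not verify
// (wrong password or modified ciphertext).
function decryptWithPassword(password, msg) {
  const decipher = nodeCrypto.createDecipheriv('aes-128-ccm',
    deriveKey(password, msg.salt), msg.nonce, { authTagLength: TAG_BYTES });
  decipher.setAuthTag(msg.tag);
  try {
    const pt = decipher.update(msg.ct);
    decipher.final(); // throws if authentication failed
    return pt.toString('utf8');
  } catch (err) {
    return null;
  }
}

function demo() {
  const msg = encryptWithPassword('password', 'data'); // constructed sample input
  const tampered = { ...msg, ct: Buffer.from(msg.ct) };
  tampered.ct[0] ^= 0x01; // flip one ciphertext bit
  return {
    roundTrip: decryptWithPassword('password', msg),
    wrongPassword: decryptWithPassword('not-the-password', msg),
    tampered: decryptWithPassword('password', tampered),
    saltsDiffer: !encryptWithPassword('password', 'data').salt.equals(msg.salt),
  };
}

console.log(demo());
```

The authentication tag only detects modification of a message in transit or at rest; it says nothing about whether the code that produced the message was the unmodified library.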
Azrael-sub7 Posted March 19, 2013

If you have a lot of encryption to do on the server, this thing can save you a few CPU cycles; that's about the only advantage. But it has many disadvantages, namely that the user can change how sjcl.encrypt works, and if you also store the result of the sjcl.encrypt method, that's not good at all ... so it's pretty useless, because if you do a server-side verification of the result you're doing an extra operation and it brings you back to where you started. At least that's how I see it ...