Nytro

Stanford Javascript Crypto Library


Posted

Stanford Javascript Crypto Library

The Stanford Javascript Crypto Library (hosted here on GitHub) is a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript.

SJCL is easy to use: simply run sjcl.encrypt("password", "data") to encrypt data, or sjcl.decrypt("password", "encrypted-data") to decrypt it. For users with more complex security requirements, there is a much more powerful API, described in the documentation and illustrated in this demo page.

SJCL is small but powerful. The minified version of the library is under 6.4KB compressed, and yet it posts impressive speed results. (TODO: put up a benchmarks page.)

SJCL is secure. It uses the industry-standard AES algorithm at 128, 192 or 256 bits; the SHA256 hash function; the HMAC authentication code; the PBKDF2 password strengthener; and the CCM and OCB authenticated-encryption modes. Just as importantly, the default parameters are sensible: SJCL strengthens your passwords by a factor of 1000 and salts them to protect against rainbow tables, and it authenticates every message it sends to prevent it from being modified. We believe that SJCL provides the best security which is practically available in Javascript. (Unfortunately, this is not as great as in desktop applications because it is not feasible to completely protect against code injection, malicious servers and side-channel attacks.)

SJCL is cross-browser. We hope. We've tested it on all the installed browsers on the security lab computers (including various versions of Internet Explorer, Chrome, Firefox, Safari and Opera on Mac, Linux and Windows) and on the rhino engine, but still need to do more comprehensive testing. We have a test page up on this site; if it reports any failures, please report an issue.

SJCL is open. You can use, modify and redistribute it under a BSD license or under the GNU GPL, version 2.0 or higher.

SJCL supports primarily symmetric-key cryptography, but there's an experimental branch with elliptic curve support (ECDH public key encryption and ECDSA signatures).

SJCL was written by Emily Stark, Mike Hamburg and Dan Boneh at Stanford University. Special thanks to Aldo Cortesi and Roy Nicholson for reporting bugs in earlier versions of SJCL. A whitepaper on SJCL (also by Emily Stark, Mike Hamburg and Dan Boneh) was published in the 2009 Annual Computer Security Applications Conference.

Source: Stanford Javascript Crypto Library
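The defaults described in the post (salted PBKDF2 with 1000 iterations, AES in CCM mode, every message authenticated), as an added example that is not part of the original post and is not SJCL's code. It uses Node's built-in crypto module instead of SJCL; the salt, nonce, tag and key sizes and the JSON field names are assumptions.

```javascript
const crypto = require('crypto');

const ITERATIONS = 1000; // the "factor of 1000" from the post; current guidance is far higher
const SALT_LEN = 8;      // assumed sizes for this example, in bytes
const NONCE_LEN = 13;    // CCM accepts nonces of 7 to 13 bytes
const TAG_LEN = 8;
const KEY_LEN = 16;      // AES-128

// Salted, iterated key derivation: PBKDF2 with HMAC-SHA256.
function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_LEN, 'sha256');
}

// Returns a JSON string carrying everything needed to decrypt except the password.
function encrypt(password, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN);   // fresh salt per message
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh nonce per message
  const cipher = crypto.createCipheriv('aes-128-ccm', deriveKey(password, salt), nonce,
                                       { authTagLength: TAG_LEN });
  const ct = Buffer.concat([cipher.update(Buffer.from(plaintext, 'utf8')), cipher.final()]);
  return JSON.stringify({
    salt: salt.toString('base64'), nonce: nonce.toString('base64'),
    ct: ct.toString('base64'), tag: cipher.getAuthTag().toString('base64'),
  });
}

// Throws if the password is wrong or the ciphertext or tag was altered.
function decrypt(password, message) {
  const m = JSON.parse(message);
  const b = (s) => Buffer.from(s, 'base64');
  const decipher = crypto.createDecipheriv('aes-128-ccm', deriveKey(password, b(m.salt)),
                                           b(m.nonce), { authTagLength: TAG_LEN });
  decipher.setAuthTag(b(m.tag));
  const pt = decipher.update(b(m.ct));
  decipher.final(); // a failed tag check is reported here
  return pt.toString('utf8');
}

// Flips one ciphertext bit and reports whether decryption still succeeds.
function tamperIsAccepted(password, message) {
  const m = JSON.parse(message);
  const ct = Buffer.from(m.ct, 'base64');
  ct[0] ^= 0x01;
  m.ct = ct.toString('base64');
  try { decrypt(password, JSON.stringify(m)); return true; } catch (e) { return false; }
}

const sealed = encrypt('password', 'data'); // constructed sample input
console.log(decrypt('password', sealed), tamperIsAccepted('password', sealed));
```

Because the salt and nonce are random, encrypting the same data twice with the same password yields different output, which is what defeats precomputed tables.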

Posted

If you have a lot of encryption to do on the server, this thing can save you a few CPU cycles; that's about the only advantage. But it has many disadvantages, namely that the user can change how sjcl.encrypt works, and if you also store the result of the sjcl.encrypt method, that's not good at all ... so it's pretty useless, because if you do a server-side verification of the result you're doing an extra operation and it brings you back to where you started. At least that's how I see it ...
