Addressing JavaScript Cryptography Security Challenges Through Web Auditability
By doomrobo
Summary
This article examines the fundamental security challenges with JavaScript cryptography on the web, particularly the problem of code distribution and auditability. The author explains why JavaScript cryptography has been considered harmful since 2011, using end-to-end encrypted messaging applications as an example to illustrate how compromised applications can undermine security. The article previews a new specification co-authored by the writer that aims to add auditability to web applications, addressing the core issue that there's currently no way to verify client-side code integrity as it changes.
Key quotes
It is as true today as it was in 2011 that Javascript cryptography is Considered Harmful.
The main problem is code distribution.
If the application is compromised, what would stop the malicious...
Today, there's no way to audit a site's client-side code as it changes, making it hard to trust sites that use cryptography.
We preview a specification we coauthored that adds auditability to the web.
