[Cryptography] [cryptography] Browser JS (client side) crypto FUD

Tony Arcieri bascule at gmail.com
Wed Jul 30 02:09:20 EDT 2014


On Tue, Jul 29, 2014 at 6:53 AM, Lodewijk andré de la porte <l at odewijk.nl>
wrote:
>
> JavaScript cryptography is possible, there are usecases, and it is
> *definitely* *not *"considered harmful" by default.
>

By default you aren't using HTTPS, HSTS, and CSP. Without these things,
doing cryptography in a web page is most definitely harmful and insecure.

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140729/9bd9a891/attachment.html>


More information about the cryptography mailing list