Why Browser Cryptography is Bad and How We Can Make It Great

Presented at HOPE Number Nine (2012), July 14, 2012, 10 a.m. (60 minutes).

Web apps are taking on responsibility for handling user data at an almost exponential rate. This increase creates an urgent need for client-side crypto standards in web browsers. However, web browsers lack such standards for building blocks such as secure block ciphers, public key schemes, and hashing algorithms. Developers currently rely on JavaScript crypto libraries to implement these functions; these libraries can, admittedly, provide strong crypto in some situations, but still falter when faced with certain attacks. This talk will look at Cryptocat, a security-centric web-chat client with client-side cryptography, and will focus on the problems, the solutions, and the limitations of JavaScript cryptography. There will be a discussion of potential solutions to these problems, which may very well require the implementation of an integrated, universal web browser standard for client-side cryptography.


Presenters:

  • Nadim Kobeissi
    Nadim Kobeissi is a computer security researcher and Internet freedom advocate based in Montreal. He developed Cryptocat, an open source, accessible web IM client, and also hosted CHOMP.FM, a radio show covering information freedom, Internet privacy, and cyberculture with guests such as Bruce Schneier and Electronic Frontier Foundation staff. Nadim also has an interest in penetration testing and has regularly defended Internet freedom issues such as the SOPA blackout and WikiLeaks in the media.
