jCryption javascript data encryption

1. 

   keepsweek
   January 14th, 2010

   jCryption needs a 2.0 release. Badly. I mean, seriously, as is, jCryption is susceptible to replay attacks and offline brute force attacks. To protect against offline replay attacks, passwords should either have a randomized fixed length salt prepended to them or OAEP padding ought to be used. To protect against replay attacks, nonces ought to be used.

   Also, key generation is quite slow as is decryption. Real world RSA implementations employee the Chinese Remainder Theorem to break decryption up into pieces, each of which can be performed faster than treating the whole thing as one giant piece.

   My personal recommendation is this: For the javascript portion of the code, use this:

   http://www-cs-students.stanford.edu/~tjw/jsbn/

   Although the examples are slower than the ohdave.com implementation, it’s faster. The ohdave.com examples don’t employee randomized padding whereas the above implementation does.

   For the backend PHP implementation use this:

   http://phpseclib.sourceforge.net/

   It uses the Chinese Remainder Theorem and the gmp extension if it’s available. If neither gmp or bcmath are available it uses it’s own internal implementation.

   ( REPLY )
   • 

     Daniel Griesser
     January 14th, 2010

     Thanks for your reply …
     I am currently working on a 2.0 version of jCryption.
     I have to admit that I am not a master in encryption/decryption maths and algorithms so thanks for your information.
     I will definetly take a closer look at them and how they interact with eachother.
     The new version should will support bidirectional communication and “normal string” encryption/decryption.

     ( REPLY )
2. 

   Radomir
   September 2nd, 2009

   Hi Daniel,

   have you any implemention with asp.net?

   Thanks

   ( REPLY )

Leave a comment