Comments on: Version 1.0.1 security update released!

By: Vish

Vish — Fri, 26 Oct 2012 17:46:29 +0000

I am hoping for an ASP.net implementation of this. Any updates ?

By: Daniel Griesser

Daniel Griesser — Thu, 14 Jan 2010 18:10:27 +0000

Thanks for your reply …
I am currently working on a 2.0 version of jCryption.
I have to admit that I am not a master in encryption/decryption maths and algorithms so thanks for your information.
I will definetly take a closer look at them and how they interact with eachother.
The new version should will support bidirectional communication and “normal string” encryption/decryption.

By: keepsweek

keepsweek — Thu, 14 Jan 2010 04:55:05 +0000

jCryption needs a 2.0 release. Badly. I mean, seriously, as is, jCryption is susceptible to replay attacks and offline brute force attacks. To protect against offline replay attacks, passwords should either have a randomized fixed length salt prepended to them or OAEP padding ought to be used. To protect against replay attacks, nonces ought to be used.

Also, key generation is quite slow as is decryption. Real world RSA implementations employee the Chinese Remainder Theorem to break decryption up into pieces, each of which can be performed faster than treating the whole thing as one giant piece.

My personal recommendation is this: For the javascript portion of the code, use this:

http://www-cs-students.stanford.edu/~tjw/jsbn/

Although the examples are slower than the ohdave.com implementation, it’s faster. The ohdave.com examples don’t employee randomized padding whereas the above implementation does.

For the backend PHP implementation use this:

http://phpseclib.sourceforge.net/

It uses the Chinese Remainder Theorem and the gmp extension if it’s available. If neither gmp or bcmath are available it uses it’s own internal implementation.

By: Radomir

Radomir — Wed, 02 Sep 2009 11:12:25 +0000

Hi Daniel,

have you any implemention with asp.net?

Thanks