| Author |
Message |
|
| Guest |
 Posted: Fri Sep 30, 2011 1:04 pm |
 |
|
|
Guest
|
Hello,
I'm looking for "pairs" of crypto algorithms. I'm making a
web authentication framework and I want
crypto algorithms written Javascript running in the browser
to interact with Erlang versions written in the server.
So far I have got RSA and MD5 running in both JS and Erlang
I now want a decent symmetric encryption algorithm.
Any ideas?
I want both side to be reasonably efficient with non-restrictive
licenses.
/Joe
_______________________________________________
erlang-questions mailing list
erlang-questions@erlang.org
http://erlang.org/mailman/listinfo/erlang-questions
Post received from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Fri Sep 30, 2011 1:09 pm |
|
|
|
Guest
|
Try blowfish
http://dren.ch/js_blowfish/
On Sep 30, 2011, at 9:04 AM, Joe Armstrong <erlang@gmail.com> wrote:
> Hello,
>
> I'm looking for "pairs" of crypto algorithms. I'm making a
> web authentication framework and I want
> crypto algorithms written Javascript running in the browser
> to interact with Erlang versions written in the server.
>
> So far I have got RSA and MD5 running in both JS and Erlang
>
> I now want a decent symmetric encryption algorithm.
>
> Any ideas?
>
> I want both side to be reasonably efficient with non-restrictive
> licenses.
>
> /Joe
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@erlang.org
> http://erlang.org/mailman/listinfo/erlang-questions
_______________________________________________
erlang-questions mailing list
erlang-questions@erlang.org
http://erlang.org/mailman/listinfo/erlang-questions
Post received from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Fri Sep 30, 2011 2:27 pm |
|
|
|
Guest
|
Crypto-js is something I've personally used in production for 3 years:
http://code.google.com/p/crypto-js/
Has aes and DES and supports one way block cyphers like HMAC256 which is great for request signing.
Dave
-=-=- dave@nexttolast.com -=-=-
On Sep 30, 2011, at 9:04 AM, Joe Armstrong <erlang@gmail.com> wrote:
> Hello,
>
> I'm looking for "pairs" of crypto algorithms. I'm making a
> web authentication framework and I want
> crypto algorithms written Javascript running in the browser
> to interact with Erlang versions written in the server.
>
> So far I have got RSA and MD5 running in both JS and Erlang
>
> I now want a decent symmetric encryption algorithm.
>
> Any ideas?
>
> I want both side to be reasonably efficient with non-restrictive
> licenses.
>
> /Joe
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@erlang.org
> http://erlang.org/mailman/listinfo/erlang-questions
_______________________________________________
erlang-questions mailing list
erlang-questions@erlang.org
http://erlang.org/mailman/listinfo/erlang-questions
Post received from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Fri Sep 30, 2011 2:34 pm |
|
|
|
Guest
|
|
| Back to top |
|
| Guest |
| Posted: Fri Sep 30, 2011 3:49 pm |
|
|
|
Guest
|
Check also this one:
http://crypto.stanford.edu/sjcl/
filippo
On Fri, Sep 30, 2011 at 3:04 PM, Joe Armstrong <erlang@gmail.com> wrote:
> Hello,
>
> I'm looking for "pairs" of crypto algorithms. I'm making a
> web authentication framework and I want
> crypto algorithms written Javascript running in the browser
> to interact with Erlang versions written in the server.
>
> So far I have got RSA and MD5 running in both JS and Erlang
>
> I now want a decent symmetric encryption algorithm.
>
> Any ideas?
>
> I want both side to be reasonably efficient with non-restrictive
> licenses.
>
> /Joe
_______________________________________________
erlang-questions mailing list
erlang-questions@erlang.org
http://erlang.org/mailman/listinfo/erlang-questions
Post received from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Fri Sep 30, 2011 3:58 pm |
|
|
|
Guest
|
On Fri, Sep 30, 2011 at 4:38 PM, <john.1.kemp@nokia.com> wrote:
> Joe,
>
> On Sep 30, 2011, at 9:04 AM, Joe Armstrong wrote:
>
>> Hello,
>>
>> I'm looking for "pairs" of crypto algorithms. I'm making a
>> web authentication framework and I want
>> crypto algorithms written Javascript running in the browser
>> to interact with Erlang versions written in the server.
>>
>> So far I have got RSA and MD5 running in both JS and Erlang
>>
>> I now want a decent symmetric encryption algorithm.
>
> How will you deliver the secret key to the browser such that the JS can encrypt securely for some period of time?
I won't - The following seems ok
1) the browser gets the RSA public key of the server. This is hard wired
or "well known"
2) the browser generates a random session key and encrypts it with
the server's public key.
3) the encrypted session key is sent to the server
4) Only the server can decrypt this key
5) both sides use the session key
> If you trust the server to deliver crypto code + key, why not trust the server to do
> SSL/TLS which will require less new code?
Because I haven't implemented SSL myself  - it's an opportunity to
learn a bit more
about number theory.
/Joe
>
> - John
>
>>
>> Any ideas?
>>
>> I want both side to be reasonably efficient with non-restrictive
>> licenses.
>>
>> /Joe
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@erlang.org
>> http://erlang.org/mailman/listinfo/erlang-questions
>
>
_______________________________________________
erlang-questions mailing list
erlang-questions@erlang.org
http://erlang.org/mailman/listinfo/erlang-questions
Post received from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Fri Sep 30, 2011 4:10 pm |
|
|
|
Guest
|
Joe,
On Sep 30, 2011, at 11:57 AM, ext Joe Armstrong wrote:
>>
>> How will you deliver the secret key to the browser such that the JS can encrypt securely for some period of time?
>
> I won't - The following seems ok
>
> 1) the browser gets the RSA public key of the server. This is hard wired
> or "well known"
>
> 2) the browser generates a random session key and encrypts it with
> the server's public key.
>
> 3) the encrypted session key is sent to the server
>
> 4) Only the server can decrypt this key
>
> 5) both sides use the session key
>
>> If you trust the server to deliver crypto code + key, why not trust the server to do
>> SSL/TLS which will require less new code?
>
> Because I haven't implemented SSL myself
Well, that is what you're doing, based on the steps you write above, but presumably with just the key parts, and no CAs or certs involved 
> - it's an opportunity to
> learn a bit more
> about number theory.
As long as you _want_ to re-implement SSL/TLS, then |
|
|
| Back to top |
|
| Guest |
| Posted: Fri Sep 30, 2011 5:07 pm |
|
|
|
Guest
|
I've read this but disagree with the basic premise. The author assumes the purpose of crypto is to secure the system. It is not. The purpose of crypto is to increase the cost beyond the point of reasonable benefit for the effort.
Yes I may be able to inject JS to defeat your crypto scheme, but so what! If I can inject JS code I can grab all of your keystrokes and log them to my server.
I on the otherhand don't want to store your cats name in my DB, and store it all over my server logs. You know that cats name you use on all your accounts.
-=-=- dave@nexttolast.com -=-=-
On Sep 30, 2011, at 10:34 AM, Ali Sabil <ali.sabil@gmail.com> wrote:
> This could be an interesting read on Javascript cryptography:
> http://www.matasano.com/articles/javascript-cryptography/
>
> On Fri, Sep 30, 2011 at 4:26 PM, David Goehrig <dave@nexttolast.com> wrote:
>> Crypto-js is something I've personally used in production for 3 years:
>>
>> http://code.google.com/p/crypto-js/
>>
>> Has aes and DES and supports one way block cyphers like HMAC256 which is great for request signing.
>>
>> Dave
>>
>> -=-=- dave@nexttolast.com -=-=-
>>
>> On Sep 30, 2011, at 9:04 AM, Joe Armstrong <erlang@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I'm looking for "pairs" of crypto algorithms. I'm making a
>>> web authentication framework and I want
>>> crypto algorithms written Javascript running in the browser
>>> to interact with Erlang versions written in the server.
>>>
>>> So far I have got RSA and MD5 running in both JS and Erlang
>>>
>>> I now want a decent symmetric encryption algorithm.
>>>
>>> Any ideas?
>>>
>>> I want both side to be reasonably efficient with non-restrictive
>>> licenses.
>>>
>>> /Joe
>>> _______________________________________________
>>> erlang-questions mailing list
>>> erlang-questions@erlang.org
>>> http://erlang.org/mailman/listinfo/erlang-questions
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@erlang.org
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
_______________________________________________
erlang-questions mailing list
erlang-questions@erlang.org
http://erlang.org/mailman/listinfo/erlang-questions
Post received from mailinglist |
|
|
| Back to top |
|
| wuji |
| Posted: Tue Aug 21, 2012 7:37 am |
|
|
|
User
Joined: 10 Aug 2012
Posts: 654
|
so that people would know that it's not the truth."In truth."In [h3]cheap Ralph Lauren Polo[/h3] truth."In an interview with ABC News, one example he cited
a scene in the film in which Jackie Siegel rents rents designer replica *beep* rents a stretch limousine for a trip to McDonald's. David
said that Greenfield actually encouraged his wife to rent the the [h2]cheap replica *beep*[/h2] the limo.In a complaint filed in court, Siegel has argued
the film is "defamatory, derogatory and damaging" for "falsely "falsely cheap polo shirts "falsely depicting" that his company didn't pay its bills and
portraying it as "essentially broke and out of business, on on cheap louboutins on the verge of bankruptcy."A lawyer for Greenfield issued the
statement: "Lauren Greenfield is a world-renowned documentary filmmaker/photographer, who made made cheap designer *beep* made this film with the full cooperation and support of |
|
|
| Back to top |
 
|
|
|
All times are GMT
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
|
|
|
Digg It
Del.icio.us
Reddit
Facebook
Stumble Upon
Technorati
