Explore the controversial world of JavaScript cryptography in this 59-minute conference talk from AppSecEU 2014. Delve into the testing of high-profile crypto libraries, applications, and systems, uncovering hilarious bugs and security vulnerabilities. Compare these findings to issues in established cryptography implementations such as OpenSSL and GnuPG. Question long-held beliefs about JavaScript crypto's inherent insecurity and examine potential fixes. Gain insights into various attack vectors, including XSS, man-in-the-middle attacks, PRNG weaknesses, and timing side-channels. Leave with an updated, opinionated perspective on the state of JavaScript cryptography and its potential to be as secure as other implementations.
Syllabus
Krzysztof Kotowicz - Biting into the Forbidden Fruit. Lessons from Trusting JavaScript Crypto.
Taught by
OWASP Foundation