Between Snowden’s NSA leaks prompting more secure communication and the rise of cryptocurrencies- software with secure cryptography as a core component is on the rise. Meanwhile, powerful applications written in JavaScript that render their UIs in a web browser are seeing unprecedented growth. However, if you ask most security researchers and developers about secure crypto in the browser, they’ll shake their heads skeptically. Reasons for this being: there are a lack of quality crypto primitives written in JavaScript that’ve been adequately reviewed and tested, JavaScript yields weak random number generation in all but the most recent HTML5 browsers, and secure key storage is difficult as the idiom du jour of web applications is to store user data on a remote server or in localStorage.
This talk will explore how Mailpile, a Free / open source email client, is not vulnerable to these security concerns by shifting the attack surface out of the browser while still being a web application with a friendly JSON API. The gain being developers can leverage modern JavaScript libraries to render beautiful interfaces, animate fresh user interactions, and create compelling data visualziations. Want to make a force-directed graph of your inbox? JavaScript makes it easy, all while being extremely secure.
Transcript:
License: For reuse of this video under a more permissive license please get in touch with us. The speakers retain the copyright for their performances. #mastercard crypto #aktien crypto #audio crypto
Brennan Novak: Secure Crypto for Browser Based Apps | JSConf EU 2014 [PHXELM9hIml]
Between Snowden’s NSA leaks prompting more secure communication and the rise of cryptocurrencies- software with secure cryptography as a core component is on the rise. Meanwhile, powerful applications written in JavaScript that render their UIs in a web browser are seeing unprecedented growth. However, if you ask most security researchers and developers about secure crypto in the browser, they’ll shake their heads skeptically. Reasons for this being: there are a lack of quality crypto primitives written in JavaScript that’ve been adequately reviewed and tested, JavaScript yields weak random number generation in all but the most recent HTML5 browsers, and secure key storage is difficult as the idiom du jour of web applications is to store user data on a remote server or in localStorage.
This talk will explore how Mailpile, a Free / open source email client, is not vulnerable to these security concerns by shifting the attack surface out of the browser while still being a web application with a friendly JSON API. The gain being developers can leverage modern JavaScript libraries to render beautiful interfaces, animate fresh user interactions, and create compelling data visualziations. Want to make a force-directed graph of your inbox? JavaScript makes it easy, all while being extremely secure.
Transcript:
License: For reuse of this video under a more permissive license please get in touch with us. The speakers retain the copyright for their performances. #mastercard crypto #aktien crypto #audio crypto