[erlang-questions] crypto in erlang and javascript

David Goehrig <>
Fri Sep 30 19:07:46 CEST 2011

I've read this but disagree with the basic premise. The author assumes the purpose of crypto is to secure the system. It is not. The purpose of crypto is to increase the cost beyond the point of reasonable benefit for the effort. 

Yes I may be able to inject JS to defeat your crypto scheme, but so what!  If I can inject JS code I can grab all of your keystrokes and log them to my server.  

I, on the other hand, don't want to store your cat's name in my DB, and store it all over my server logs. You know, that cat's name you use on all your accounts.

-=-=-  -=-=-

On Sep 30, 2011, at 10:34 AM, Ali Sabil <> wrote:

> This could be an interesting read on Javascript cryptography:
> http://www.matasano.com/articles/javascript-cryptography/
> On Fri, Sep 30, 2011 at 4:26 PM, David Goehrig <> wrote:
>> Crypto-js is something I've personally used in production for 3 years:
>> http://code.google.com/p/crypto-js/
>> Has AES and DES and supports one-way block cyphers like HMAC256, which is great for request signing.
>> Dave
>> -=-=-  -=-=-
>> On Sep 30, 2011, at 9:04 AM, Joe Armstrong <> wrote:
>>> Hello,
>>> I'm looking for "pairs" of crypto algorithms. I'm making a
>>> web authentication framework and I want
>>> crypto algorithms written in Javascript running in the browser
>>> to interact with Erlang versions written in the server.
>>> So far I have got RSA and MD5 running in both JS and Erlang.
>>> I now want a decent symmetric encryption algorithm.
>>> Any ideas?
>>> I want both sides to be reasonably efficient with non-restrictive
>>> licenses.
>>> /Joe
>>> _______________________________________________
>>> erlang-questions mailing list
>>> http://erlang.org/mailman/listinfo/erlang-questions

More information about the erlang-questions mailing list
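The request signing mentioned in the thread, combined with the goal of keeping the password out of the database and server logs, sketched as an added example (not code from the thread or from crypto-js). It assumes Node's built-in crypto module in place of crypto-js, shows the server check in JavaScript rather than Erlang, and uses hypothetical function names, salt and request layout.

```javascript
// Added example: HMAC-SHA256 request signing with a password-derived key.
const nodeCrypto = require("crypto");

// Constructed sample values (assumptions, not from the thread).
const SALT = Buffer.from("constructed-per-user-salt");
const MAX_SKEW_MS = 5 * 60 * 1000; // accept timestamps within 5 minutes

// Client side: stretch the password into a signing key. Only this key is
// registered with the server; the password itself is never transmitted.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, 100000, 32, "sha256");
}

// Canonical string covered by the MAC: method, path, timestamp, body hash.
// Neither the password nor the key appears in it, so it is safe to log.
function canonical(req) {
  const bodyHash = nodeCrypto.createHash("sha256").update(req.body).digest("hex");
  return [req.method, req.path, String(req.timestamp), bodyHash].join("\n");
}

// Client side: MAC over the canonical request, sent alongside the request.
function signRequest(key, req) {
  return nodeCrypto.createHmac("sha256", key).update(canonical(req)).digest("hex");
}

// Server side: reject stale timestamps (limits replay), recompute the MAC
// from the stored key, and compare in constant time.
function verifyRequest(storedKey, req, signatureHex, now) {
  if (Math.abs(now - req.timestamp) > MAX_SKEW_MS) return false;
  const expected = Buffer.from(signRequest(storedKey, req), "hex");
  const given = Buffer.from(String(signatureHex), "hex");
  // timingSafeEqual throws on unequal lengths, so check length first.
  if (given.length !== expected.length) return false;
  return nodeCrypto.timingSafeEqual(given, expected);
}
```

The derived key is still a credential for this one service, so it needs the same protection at rest as any other secret; what the scheme keeps out of the database and logs is the reusable password.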