Open jfn12587 opened 11 years ago
As we note on our project page [http://polycrypt.net/], this polyfill is not intended for use in production, for securing real data.
I would think of this instead as a design / prototyping tool -- you can build your code against PolyCrypt until there's some real browser support, then remove the Githubissues.
This implementation uses WebWorkers which have no access to the underlying window.crypto API that modern browsers implement to provide access to, among other things, cryptographically strong PRNGs. JSBN attempts to seed its pool from window.crypto, or, failing that, it just dumps a bunch of numbers in from Math.random() which is NOT suitable for cryptography.
This library is useful as a polyfill, but what's the point exactly if it's not secure?