wolpert
commented
8 years ago Closed.... After the last LastPass security issue, I'm assuming any JavaScript feature is likely insecure... Especially if I am the one doing it.
Sticking with Java libraries for now.
Take https://bitwiseshiftleft.github.io/sjcl as a Javascript example. It does allow for AES-256 keys, which does support CCM/OCB modes. We'd be forced back to SHA-256 which isn't horrible to do. I don't see a CBC mode with this library specifically...
But having cross-platform support for Java/Android apps and javascript for browser integration would be great.
EDIT: CCM is an industry standard and lacks any patent issues. sjcl looks like a great target to be compatible with.
EDIT2: https://github.com/SpiderOak/crypton is the spideroak javascript library. More up to date then SJCL and a few more features. Note they use CFB Mode...