Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Is cryptico.js any good?

Steve Weis steveweis at
Wed Oct 12 15:37:42 PDT 2011

There are good reasons not to use Javascript crypto in general:

Regardless, I wouldn't trust Cryptico because its underlying implementations
are all written from scratch and I have no idea if any of them are safe.
Quickly scanning through their code, I see some questionable practices.

For example, they are seeding randomness from the time of day:

And the "signature" is just a hash and is on the plaintext, rather than

On Wed, Oct 12, 2011 at 2:56 PM, Uncle Zzzen <unclezzzen at> wrote:
> is a javascript RSA library
> At the bottom of there's a tech
> summary of the algorithms and libraries it uses.
> Anyone here knows it? How good is it? Is there any reason NOT to use it?
> Any other considerations? (e.g. if it's not over SSL - client-side
> code can be MITMed).
> Thanks,
> The Dod
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list