Secure Crypto for Browser Based Apps

Explore the challenges and solutions for implementing secure cryptography in browser-based applications in this JSConf EU 2014 talk. Delve into the rising importance of secure cryptography in software development, particularly in light of NSA leaks and the growth of cryptocurrencies. Examine the skepticism surrounding browser-based crypto and understand the reasons behind it, including the lack of well-reviewed JavaScript crypto primitives, weak random number generation, and difficulties in secure key storage. Discover how Mailpile, an open-source email client, addresses these security concerns by shifting the attack surface away from the browser while maintaining a web application structure with a JSON API. Learn how this approach allows developers to leverage modern JavaScript libraries for creating compelling user interfaces and data visualizations without compromising security. Gain insights into balancing the power of JavaScript for frontend development with the need for robust cryptographic security in web applications.

Brennan Novak: Secure Crypto for Browser Based Apps | JSConf EU 2014