You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently all encryption / decryption is done by Stanford JavaScript Crypto Library (sjcl). Since Web Cryptography API is now a recommendation and implemented by Firefox and Chrome we should investigate if we could use that one if it exists.
Using Web Cryptography API might be less performant than sjcl if these benchmarks are still valid.
The text was updated successfully, but these errors were encountered:
Web Cryptography API is supported by all browsers we are targeting expect IE 11: canisue.com
Current implementations of Web Cryptography API does not support AES-CCM, which is currently used. But SJCL could be configured to use AES-GCM, which is also supported via Web Cryptography API by all relevant browsers. Switching from CCM to GCM would also be an improvement.
Croodle currently uses PBKDF2 with HMAC-SHA-256 to retrieve the key from passphrase. PBKDF2 is supported by all major browsers but HMAC-SHA-256 hash function is not. Only plain SHA-256 is supported. On the other hand SJCL does not support plain SHA-256 as hash function for PBKDF2. Also migrating from HMAC-SHA-256 to SHA-256 would be a decline.
Currently all encryption / decryption is done by Stanford JavaScript Crypto Library (sjcl). Since Web Cryptography API is now a recommendation and implemented by Firefox and Chrome we should investigate if we could use that one if it exists.
Using Web Cryptography API might be less performant than sjcl if these benchmarks are still valid.
The text was updated successfully, but these errors were encountered: