I found a nice implementation for RSA on JavaScript maybe used in a ICryptProvider for Ajax.NET Professional to secure the data is sent from the client-side JavaScript to the server and back. For more details see: http://www.ohdave.com/rsa/
As I am sure many of you know RSA, or any real encryption in javascript is too slow to be usefull :).
I question when there would be real use for it that could not be solved with some other more practical protection method.
correct me if I am wrong but you can't truly encrypt any thing in javascript as all of the info to decrypt it is available for download from your server in order for it to work in the first place, or is visible at some step in the process.
You are only keeping prying eyes from viewing it, And really there is not much of a point to do much beyond that, you get no real further protection than existing client server technologies, and it negativly impacts performace.
this of course assumes that you are not just exposing additional information to your client side code because of it's new found abilities.
Really what it all comes back to is if you design an isecure app a javascript security layer is not going to help you, all it could really do is lull you into a "very" false sence of security.
I know this that encryption is not fast on the client-side JavaScript, but it is working. If I need security I use Ajax.NET Professional over a SSL connection like the web pages.
Adam Rogas said
This is pretty cool, however . . .
As I am sure many of you know RSA, or any real encryption in javascript is too slow to be usefull :).
I question when there would be real use for it that could not be solved with some other more practical protection method.
correct me if I am wrong but you can't truly encrypt any thing in javascript as all of the info to decrypt it is available for download from your server in order for it to work in the first place, or is visible at some step in the process.
You are only keeping prying eyes from viewing it, And really there is not much of a point to do much beyond that, you get no real further protection than existing client server technologies, and it negativly impacts performace.
this of course assumes that you are not just exposing additional information to your client side code because of it's new found abilities.
Really what it all comes back to is if you design an isecure app a javascript security layer is not going to help you, all it could really do is lull you into a "very" false sence of security.
Michael Schwarz said
I know this that encryption is not fast on the client-side JavaScript, but it is working. If I need security I use Ajax.NET Professional over a SSL connection like the web pages.