Is Javascript a proper platform for cryptography?

Posted 2019-06-22 08:13

I noticed a good while back that Wikipedia links to a Javascript implementation of different hash functions. Also found Clipperz Crypto. Even Mozilla implements a crypto object in Firefox.

So, is Javascript a proper platform for cryptography? Or, can it be?
Or, I suppose.. Are there any purposes or benefits for hashing data before POST?

7 answers
时光不老,我们不散
Reply #2 · 2019-06-22 08:24

These blog articles describe valuable uses for cryptography in JavaScript:

For securely identifying yourself:

http://digitalbazaar.com/2010/08/07/webid/

For providing a secure interface to localhost applications w/embedded-servers via a website:

http://digitalbazaar.com/2010/07/20/javascript-tls-1/

http://digitalbazaar.com/2010/07/20/javascript-tls-2/

Root(大扎)
Reply #3 · 2019-06-22 08:27

I can see at least one use: If you are sending the client encrypted data, then decrypting it in JavaScript based on a key/password that the user enters locally. This presupposes a shared key or a known password that you used to originally encrypt the data at the server. Also, these functions are frequently used by malicious and/or obfuscated JavaScript.

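The use case in the answer above (data encrypted at the server, then decrypted in the browser with a password the user types locally), as an added example that is not part of the original thread. PBKDF2 and AES-GCM from the standard Web Crypto API are choices made for this sketch; the function names, the iteration count, and the sample password and plaintext are constructed.

```javascript
// Added example, not code from the thread. PBKDF2 and AES-GCM are choices made here.
// Browsers and recent Node.js expose Web Crypto as a global; older Node.js needs the fallback.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const subtle = webcrypto.subtle;
const ITERATIONS = 200000; // assumed work factor for this example

// Turn the locally entered password into an AES-256-GCM key.
async function deriveKey(password, salt) {
  const material = await subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: ITERATIONS, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Stand-in for the server: encrypt under the shared password, ship salt and IV with the blob.
async function encryptForClient(password, plaintext) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(password, salt);
  const data = new TextEncoder().encode(plaintext);
  const ciphertext = new Uint8Array(await subtle.encrypt({ name: 'AES-GCM', iv }, key, data));
  return { salt, iv, ciphertext };
}

// Client: returns the plaintext, or null if the password is wrong or the blob was altered.
async function decryptInBrowser(password, blob) {
  const key = await deriveKey(password, blob.salt);
  try {
    const plain = await subtle.decrypt({ name: 'AES-GCM', iv: blob.iv }, key, blob.ciphertext);
    return new TextDecoder().decode(plain);
  } catch {
    return null; // the GCM authentication tag did not verify
  }
}

// Round trip with constructed sample values, plus the two failure cases.
async function demo() {
  const blob = await encryptForClient('correct horse', 'account notes (constructed sample)');
  const ok = await decryptInBrowser('correct horse', blob);
  const wrong = await decryptInBrowser('wrong guess', blob);
  const tampered = { ...blob, ciphertext: blob.ciphertext.slice() };
  tampered.ciphertext[0] ^= 1; // flip one bit in transit
  const modified = await decryptInBrowser('correct horse', tampered);
  return { ok, wrong, modified };
}
```

The password never leaves the page in this flow, but the decrypting script itself is still delivered by the server, so it only holds up when the page is served over TLS.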
迷人小祖宗
Reply #4 · 2019-06-22 08:30

You can encrypt data using JavaScript; however, I'm not sure about the benefits. Because if you are using, let's say, base64, you need to send the encryption key to the client, and if someone can intercept the encrypted information, he/she would probably be able to intercept the encryption key too.

You should never use this for replacing SSL certificates.

爷、活的狠高调
Reply #5 · 2019-06-22 08:38

Never ever can you use javascript as a safe platform for transferring secure data ...

But it is possible to make a md5 or other type of encryption client-side, that gives you a reasonably secure way of validation you could test server-side !-)

看我几分像从前
Reply #6 · 2019-06-22 08:41

The answer depends on what you want to do.

If you want to use cryptography in client-side, off-line, persistent web applications, then yes. So, for example, if you want to encrypt all data that is stored in an embedded database using the HTML 5 specification's 'globalStorage()', then use JavaScript crypto, because the likelihood is that you won't have a connection to handle all the crypto on the server side.

If not, use the tried and tested methods.

三岁会撩人
Reply #7 · 2019-06-22 08:46

There are uses for hashing functions in Javascript, for example validating captchas client side (by comparing hash in session to computed hash from input). Obviously, the uses are limited since it runs almost exclusively client side (and you can't trust client input), but the potential is there.
