Menu logo

Thoughts on Software Engineering

Cryptography for JavaScript Developers – Nakov @ JS.Talks() 2018

Today I had a talk about cryptography in the JavaScript ecosystem at the js.talks() 2018 conference. I was happy to share my knowledge about most popular crypto algorithms used in the practice. As usually, I recorded a video, that I want to share with you.

Cryptography for JS Devs – Video

Cryptography for JS Devs – Slides

Cryptography for JS Devs – About the Talk

Most developers believe they know cryptography, just because they store their passwords hashed instead of in plaintext and because have once configured SSL. In this talk the speaker fills the gaps by explaining some cryptographic concepts with examples in JavaScript.

The talk covers:

  • Hashes, HMAC and key derivation functions (Scrypt, Argon2) with examples in JavaScript
  • Encrypting passwords: from plain text to Argon2
  • Symmetric encryption at the client-side: AES, block modes, CTR mode, KDF, HMAC, examples in JavaScript (AES-256-CTR-Argon2-HMAC-SHA-256)
  • Digital signatures, ECC, ECDSA, EdDSA, secp256k1, ed25519, signing messages, verifying signatures, examples in JavaScript
  • Why client-side JavaScript cryptography might not be safe? Man-in-the-browser attacks, Cross-Site Scripting (XSS) / JavaScript injection, etc.

Cryptography for JS Devs – Code Examples

Comments (0)

RSS feed for comments on this post. TrackBack URL