[cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

Paterson, Kenny Kenny.Paterson at rhul.ac.uk
Sun Mar 10 06:58:08 EDT 2013


On 10 Mar 2013, at 10:51, Ben Laurie wrote:

On 10 March 2013 01:25, Tony Arcieri <tony.arcieri at gmail.com<mailto:tony.arcieri at gmail.com>> wrote:
On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton <noloader at gmail.com<mailto:noloader at gmail.com>> wrote:

The Web Cryptography Working Group looks well organized, provides a
very good roadmap, and offers good documentation.
http://www.w3.org/2012/webcrypto/.

for example they recommend CBC mode which is fraught with
problems.

Where?

Right here:  http://www.w3.org/TR/WebCryptoAPI:

19.1. Recommended algorithms

This section is non-normative

As the API is meant to be extensible in order to keep up with future developments within cryptography and to provide flexibility, there are no strictly required algorithms. Thus users of this API should check to see what algorithms are currently recommended and supported by implementations.

However, in order to promote interoperability for developers, there are a number of recommended algorithms. The recommended algorithms are:

  *   HMAC<http://www.w3.org/TR/WebCryptoAPI/#hmac> using SHA-256<http://www.w3.org/TR/WebCryptoAPI/#alg-sha-256>
  *   RSASSA-PKCS1-v1_5<http://www.w3.org/TR/WebCryptoAPI/#rsassa-pkcs1> using SHA-256<http://www.w3.org/TR/WebCryptoAPI/#alg-sha-256>
  *   ECDSA<http://www.w3.org/TR/WebCryptoAPI/#ecdsa> using P-256<http://www.w3.org/TR/WebCryptoAPI/#dfn-NamedCurve-p256> curve and SHA-256<http://www.w3.org/TR/WebCryptoAPI/#alg-sha-256>
  *   AES-CBC<http://www.w3.org/TR/WebCryptoAPI/#aes-cbc>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130310/cdf19bfc/attachment.html>


More information about the cryptography mailing list