[cryptography] Javascript Password Hashing: Scrypt with WebCrypto API?

Fabio Pietrosanti (naif) - lists lists at infosecurity.ch
Wed Mar 11 08:02:14 EDT 2015

On 3/11/15 12:42 PM, stef wrote:
> On Wed, Mar 11, 2015 at 11:53:35AM +0100, Fabio Pietrosanti (naif) - lists wrote:
>> at GlobaLeaks we're undergoing implementation of client-side encryption
>> with server-side storage of PGP Private keys.
> i didn't get the memo, that js in browsers is now the way to best mitigate
> against state level actors. i mean globaleaks clearly has state-level actors
> in their threat-model, right?
No, GlobaLeaks doesn't consider in its threat model an NSA-like actor.

GlobaLeaks is designed to be a Whistleblowing framework that can be
used in very different contexts, from WildLife Crime Activism up to
Anticorruption in Serbia up to PubLeaks-like Journalism in the Netherlands,
keeping the maximum level of security achievable for a specific context
of use.

Some deployment scenarios are "Safe Enough", some others are "Super
Paranoid", but we're bound to the reality of real-world uses, which are
as differentiated as the risk scenarios are.

Check the Threat Model link on https://globaleaks.org in the footer to
get a better insight.

This email thread is specifically addressing the issue of using a strong
client-side password hashing method, such as scrypt (or maybe the
upcoming winner of https://password-hashing.net/report1.html), in a way
that could exploit the WebCrypto API primitives.

Today with the WebCrypto API you can only do hashing with PBKDF2 with tons
of iterations, but I haven't found/seen an scrypt that leverages the
WebCrypto API or something similar to enable key-stretching client-side
with a decent time-waiting/key-stretching-crypto-improvement ratio.

Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi
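
The PBKDF2 route the message describes, as an added example that is not part of the original post or of GlobaLeaks code: it stretches a password with WebCrypto's PBKDF2-HMAC-SHA256 and estimates how many iterations fit in a waiting-time budget on the current device. The function names, the 250 ms budget and the 100000-iteration floor are assumptions.

```javascript
// Added example: PBKDF2-HMAC-SHA256 key stretching through WebCrypto.
// Function names, the time budget and the iteration floor are assumptions.

// Browsers and recent Node expose crypto.subtle globally; the dynamic
// import is a fallback for older Node releases.
async function getSubtle() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  return (await import('node:crypto')).webcrypto.subtle;
}

// Derive `bits` bits from a password and return them hex-encoded.
// The salt is a string here only to keep the example short; in real use
// it is per-user random bytes stored next to the protected data.
async function pbkdf2Hex(password, salt, iterations, bits = 256) {
  const subtle = await getSubtle();
  const enc = new TextEncoder();
  // The password is imported as raw, non-extractable key material.
  const baseKey = await subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveBits']);
  const derived = await subtle.deriveBits(
    { name: 'PBKDF2', hash: 'SHA-256', salt: enc.encode(salt), iterations },
    baseKey, bits);
  return Array.from(new Uint8Array(derived),
    b => b.toString(16).padStart(2, '0')).join('');
}

// Time one probe run and scale linearly to the target waiting time.
// Never returns less than the probe count, so a fast device cannot
// lower the work factor below the floor.
async function calibrateIterations(targetMs = 250, probe = 100000) {
  const start = performance.now();
  await pbkdf2Hex('calibration', 'constructed-salt', probe);
  const elapsed = Math.max(performance.now() - start, 0.01);
  return Math.max(probe, Math.round(probe * targetMs / elapsed));
}
```

The iteration count chosen at enrollment has to be stored with the salt, since a later login from a slower or faster device must reuse the same value to reproduce the key.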
