It's probably quite an uncommon requirement for a web site to protect it's users from itself. Believe it or not, I'm now working on a project that has exactly this requirement.
More on why it's in place later, right now I just want to share one result that came out of our attempts to fulfill it: a complete RSA implementation in JavaScript. In the core of it is the well known implementation by Dave Shapiro. But it lacked one important feature to be useful for us: key generation.
I guess at this point your are completely puzzled why on earth someone would need to generate RSA keys in js. But I'll leave this as an exercise to the reader.
And once you get into key generation you figure out how poorly is JavaScript suited for the job.
First, it has no long math, so it has to be implemented on top of the basic built-in means. Luckily, this was a part of Dave's package.
But then you get to the second problem: it's dead slow, and worse than that, Firefox and IE stall completely for minutes before you can generate a 512-bit key (respect to Opera team for not making javascript code block the ui event handling thread). I don't have an idea yet how to make it reasonably fast, but at least the browser freeze can (and should) be dealt with. The code that handles it is in "ugly_hacks/ensure_response.js". The basic idea behind it is using continuation-passing style and releasing control from within inner loops. What makes it an ugly hack is the way we are releasing control (and also that it pollutes global namespace :) ). Since we wanted to keep the "responsiveness routines" decoupled from the logic as much as possible, we had to use the only "context-independent" way of unwinding the stack we know: exceptions. Not only this is ugly, it's also extremely slow, but this is the price we were going to pay. As for capturing continuations, there seems to be no way to abstract this in js, so had to change the main code to make them explicit (e.g. close the loops over the counters).
Last but not least, randomization. If you need to generate really secure keys, Math.random() isn't of much help. The package contains a secure random number generator (core/randpool.js) and a routine to seed it with mouse gestures and keystrokes (core/entropy.js).
The examples are also available here:
- Key generation (warning: takes about a minute even for 128-bit key)
- Encryption
- Decryption
Posted by Aleksey Artamonov on 2008-06-22 14:27:40
Tags: javascript, rsa, privacy
Alexander TereshkinSeptember 03, 2008 at 4:28 a.m.
Wow! Just tried generating a 512-bit key in Google Chrome and it finished under one minute (and it didn't freeze the browser). Now this might actually be considered useful!