Doing Crypto In A Browser

Well, the world has fallen for JavaScript. It’s a horrible language and many designers struggle with it. It has been shown recently that many hackers target it, as the checking of scripts is often weak. But it works, and it allows us to interact with Web pages in the way that we do on our desktops. With the advent of jQuery and Node.js, it has risen to the top of the hill in software development, and few can beat it for speed and interaction.

So surely you can’t do something as complex as cryptography within your browser? Well you can… and here are a few examples:

  • Random number generator. Random number generation using JavaScript.
  • AES. AES encryption.
  • Hash. Hashing using JavaScript.
  • RSA. RSA using JavaScript.
  • Password generation/hashing. Password generation/hashing using JavaScript.
  • CMS. Encapsulating with CMS.
  • Paillier crypto system (JavaScript). Outlines the Paillier crypto system using JavaScript.

For this we are running the code not on a server, but in the browser. The optimisation for each device and browser is different, so you see a great deal of variation. If you want to benchmark, here’s a quick test:

Generation of RSA 1024-bit keys: MacBook Pro Opera: 256 ms, MacBook Pro Firefox: 662 ms, MacBook Pro Chrome: 358 ms, Samsung S9+ Android phone: 400 ms, iPad Safari: 266 ms.

The strange thing here is that my Android Samsung S9+ phone is nearly as fast as the other browsers, and that Safari on my iPad is nearly the fastest of the browsers.

For 2,048-bit keys it becomes a bit more of a task:

Generation of RSA 2048-bit keys: iPad Safari: 1525 ms, MacBook with Firefox: 3965 ms, Samsung S9+ Android Firefox: 2599 ms.

We can see that the iPad and the Samsung Android browsers are actually faster now than the desktop version of Firefox.
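To repeat this kind of measurement on your own devices, here is an added example (not the code behind the demo the figures above come from). It assumes the browser's built-in Web Crypto API, which may not be what that demo uses, so absolute timings can differ; the function names are hypothetical.

```javascript
// Added example: time RSA key generation with the Web Crypto API.
// Assumption: the page's demo may use a different (pure-JavaScript) library.
const wc = (globalThis.crypto && globalThis.crypto.subtle)
  ? globalThis.crypto
  : require('node:crypto').webcrypto; // fallback, only reached on older Node.js

async function timeRsaKeygen(bits) {
  const start = performance.now();
  const pair = await wc.subtle.generateKey(
    {
      name: 'RSASSA-PKCS1-v1_5',
      modulusLength: bits,
      publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // 65537
      hash: 'SHA-256',
    },
    false, // non-extractable: page script cannot export the private key
    ['sign', 'verify']
  );
  return { ms: performance.now() - start, pair };
}

// The prime search is randomised, so single timings are noisy;
// report the median of several runs instead of one sample.
async function benchmarkRsaKeygen(bits, runs = 5) {
  const samples = [];
  let last;
  for (let i = 0; i < runs; i++) {
    last = await timeRsaKeygen(bits);
    samples.push(last.ms);
  }
  samples.sort((a, b) => a - b);
  return {
    bits, runs,
    medianMs: samples[Math.floor(runs / 2)],
    minMs: samples[0], maxMs: samples[runs - 1],
    modulusLength: last.pair.publicKey.algorithm.modulusLength,
    privateExtractable: last.pair.privateKey.extractable,
  };
}

async function main() {
  for (const bits of [1024, 2048]) { // the two key sizes measured above
    const r = await benchmarkRsaKeygen(bits);
    console.log(`RSA-${bits}: median ${r.medianMs.toFixed(0)} ms ` +
      `(min ${r.minMs.toFixed(0)}, max ${r.maxMs.toFixed(0)})`);
  }
}
main().catch(console.error);
```

Run it from the browser console on each device, or with Node.js, and compare the medians rather than individual runs.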

Conclusions

It’s a challenge, but you can run crypto in your browser. Beware, though: it could be hacked through code injection or modification.