Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why use DJSON and not the browser's native JSON.stringify, JSON.parse functions? #1

Open
fproulx-pbox opened this issue Jun 5, 2014 · 5 comments
Open

Why use DJSON and not the browser's native JSON.stringify, JSON.parse functions? #1

fproulx-pbox opened this issue Jun 5, 2014 · 5 comments

Comments

@fproulx-pbox
Copy link

No description provided.

@ad-l
Copy link
Owner

ad-l commented Jun 5, 2014

DJCL is written in DJS, a subset of JavaScript that doesn't allow the
use any DOM or external function because they can be tampered. See
http://www.defensivejs.com for details and motivations

@fproulx-pbox
Copy link
Author

I see, how was the parser developed? Was it generated using a parser generator with formal proof? I consider parsing as area to always handle carefully

@fproulx-pbox
Copy link
Author

OK. So considering you do not use browser native functions, the security of CCM and RSA padding may be affected by weak random or nonce reuse when you provide IV from the outside ? For instance, SJCL uses window.crypto.getRandomValues() how should we safely provide randomness while keeping your assumptions true.

@ad-l
Copy link
Owner

ad-l commented Jun 5, 2014

Le 05/06/2014 20:05, François Proulx a écrit :

I see, how was the parser developed? Was it generated using a parser
generator with formal proof? I considering parsing always an area to be
careful handled with...

That's an excellent consideration, parsing is often security critical
and easy to do wrong. But the answer to your question is no - this
parser is NOT generated from a formally verified parser generator. It is
manually written and I cannot guarantee that it doesn't have bugs -
however, that's not the goal of this library, and none of the
cryptographic functions carry proof of their functional correctness
either. This will hopefully change in the future - adding support for
verified parsing is one of the goals of the F* project
https://github.com/FStarLang/FStar (eventually,the whole DJCL is meant
to be generated from verified F*)

@ad-l
Copy link
Owner

ad-l commented Jun 5, 2014

OK. So considering you do not use browser native functions, the security
of CCM and RSA padding may be affected by weak random or nonce reuse
when you provide IV from the outside ? For instance, SJCL uses
window.crypto.getRandomValues() how should we safely provide randomness
while keeping your assumptions true.

It is not a problem in itself - you must supply the IVs and nonces to
the cryptographic primitives. If you are writing a fully wrapped
defensive function, the server that loads the script must inject enough
entropy for the IVs that will be required (if you are running out, you
can do encrypted CORS to get more). Read the "Script Server" tab on
defensivejs.com for details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fproulx-pbox @ad-l