Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
    Edgar Nzokwe
    @Nilos Thanks
    Aaron Janse
    Hello, quick question:
    The readme specifies the security reporting email as sjcl@ovt.me, yet the website at ovt.me seems a little (read: very) odd.
    I don’t have anything to report, but just wanted to make sure that the email wasn’t a typo or anything :P
    Nils Thenhausen
    Not sure why my website seems odd to you :D It is just a very old side project of mine
    Aaron Janse
    Oh, no problem! :D I guess I was just thrown off by the "Welcome to vokabelnpauken.de" heading. Np. The project looks cool, btw; I don't speak German, but from what I can tell it looks interesting.
    Nils Thenhausen
    It is indeed really old but I still use the address for my mail


    I know I can encrypt a string using a password with sjcl.encrypt() and decrypt using sjcl.decrypt(), but can I just verify the password to decrypt a string is correct first so then if it is correct, I can go ahead and decrypt and if it's not, I go ahead and spit out an error message?


    Nils Thenhausen
    No you can't. A password is only known to be incorrect after the decryption process has happened and the data after decryption does not validate.
    Or to say it differently: any password gives a decryption result but only the correct password yields one that makes sense
    Hi, can anyone help me out with https://github.com/mdp/gibberish
    when try to encrypt a text, it returns me a plain string with random characters instead of a JSON string
    cipher = Gibberish::AES.new('p4ssw0rd')
    cipher.encrypt("some secret text")

    => Outputs a JSON string containing everything that needs to be saved for future decryption




    sjcl.decrypt does not work as it needs the json to decrypt it

    Hey guys, I'll need to save some sensitive data on client side in localstorage.

    I've been wondering what's the best I can do about that and sjcl seems to be a good idea.

    I know there's no perfect security, I just want to do the best possible :)

    That said, is sjcl.encrypt enough? Is there a better configuration to make it harder to brute force or find with other ways?

    Stefan Sechelmann
    Hey @maxime1992, you may want to check out WebCrypto and IndexedDB as an alternative to sjcl and localStorage.
    Hi everyone. I admit I am little of a newbie for security. Does SJCL issue certificates and if so from whom? And then for keys do we keep or maintain them or is that elsewhere?
    hello all, how does one get to use sjcl out of the box i.e. without needing to use "configure --with-all" out of the box? A typical use of this is PaaS cloud environments where one needs to simply supply a dependency in package.json?
    Jiahao Ma
    Hello there
    how can we use sjcl.js on a static webpage? Can anyone help me out? I have read the documentation, but still have no clue
    Barry Chapman
    Barry Chapman
    does anyone know what encryption lib creates output like this? -- var _0x28b6=['VcOfwq/DlMOM','BsOeZcKGw4s=','wqEwwpULFxE=','bGPDh8OWMA==','OcO9acKDw6c='
    It seems to be creating a massive array of base64 strings
    Augusto Gonzalez
    error: bundling failed: Error: Unable to resolve module crypto from C:\reactNative\etpro\node_modules\sjcl\sjcl.js: Module crypto does not exist in the Haste modu
    le map
    what can i do for that error
    Abdulrab Bin Talib

    Hi all,
    I use this function to generate a key "AES-GCM" and how I can generate the same algorithm with the sjcl ?

    const generateKey = async () => {
    const key = await window.crypto.subtle.generateKey({ name: "AES-GCM", length: 128 }, true, ["encrypt", "decrypt"]);
    const key_exported = await window.crypto.subtle.exportKey("jwk", key);
    return key_exported.k;