Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Gugi
    @Donwangugi
    And the roadmap for future releases.
    Also is the master branch version 1.0.4?
    Nils Thenhausen
    @Nilos

    Me and https://github.com/bitwiseshiftleft are the core maintainers, even though bitwiseshiftleft is not very active any more.
    I'm thinking about increasing the core maintainer team though.

    Release process: We need to work on this.
    Roadmap: sjcl is in maintenance mode, meaning that the core maintainers do not add any new features. Thus a roadmap does not make much sense.

    The master branch is ahead of 1.0.4.

    Gugi
    @Donwangugi
    The master branch is not the development branch though correct?
    Thank you for your answers though.
    Nils Thenhausen
    @Nilos
    it actually is, we could and maybe should move to gitflow though ...
    Julius Mereckas
    @mereckaj
    Hey guys, quick question. Does ECDSA fail when trying to verify a message when using c521 curve for others too (other c curves work fine. k224 fails with the exact same message, but that's a know issue (262))
    Nils Thenhausen
    @Nilos
    I did not understand, can you go more into detail?
    Julius Mereckas
    @mereckaj
    Sure
    If I try to sign a message digest using ECDSA, and I use sjcl.ecc.curves.c521 when trying to verify message integrity I keep getting an error of "Cannot assign to read only property '7' of lkQZDJh9". This only happens with c521 and k224. But k224 is known to be broke (according to issue 262). I am wondering if c521 is broken too
    Nils Thenhausen
    @Nilos
    if that is what happens it looks like it :(
    will have a look tomorrow, is late at my location :)
    Julius Mereckas
    @mereckaj
    Cool, thanks :D I'll try and find the problem myself too
    Julius Mereckas
    @mereckaj
    Ah so turns out it was my mistake, sign expects a bitArray and I was passing it strings. Worked file for all but the c521 curve strangely enough.
    file -> fine
    jptcnde
    @jptcnde
    hey
    guys
    I need help, whats the default bit size for of Crypto-JS lib? is it 256 or 128?
    Nils Thenhausen
    @Nilos
    I don't know. This is the sjcl chat, so I guess we might not be able to help you, sorry!
    tunkul
    @tunkul
    Hi, just downloaded sjcl, looking for ecc functionality. Is this lib still in use? Is the ecc stuff working?
    tiredoak
    @tiredoak
    Hi, in the same situation as @tunkul. Anyone around still?
    @Nilos ?
    Nils Thenhausen
    @Nilos
    ECC is working but you will need to build your own version for it
    I am still around even though gitter stopped sending me mails for chat-messages
    tiredoak
    @tiredoak
    Thanks for the reply!
    @Nilos
    Edgar Nzokwe
    @dedgar1
    Hi all,
    Is it possible to generate symmetric keys using the sjcl library?
    Nils Thenhausen
    @Nilos
    Sure!
    Nils Thenhausen
    @Nilos
    const key = sjcl.random.randomWords(8)(for a 256-bit key)
    Edgar Nzokwe
    @dedgar1
    @Nilos Thanks
    Aaron Janse
    @aaronduino
    Hello, quick question:
    The readme specifies the security reporting email as sjcl@ovt.me, yet the website at ovt.me seems a little (read: very) odd.
    I don’t have anything to report, but just wanted to make sure that the email wasn’t a typo or anything :P
    Nils Thenhausen
    @Nilos
    Not sure why my website seems odd to you :D It is just a very old side project of mine
    Aaron Janse
    @aaronduino
    Oh, no problem! :D I guess I was just thrown off by the "Welcome to vokabelnpauken.de" heading. Np. The project looks cool, btw; I don't speak German, but from what I can tell it looks interesting.
    Nils Thenhausen
    @Nilos
    It is indeed really old but I still use the address for my mail
    Eddie
    @EddieJibson_twitter

    Hi,

    I know I can encrypt a string using a password with sjcl.encrypt() and decrypt using sjcl.decrypt(), but can I just verify the password to decrypt a string is correct first so then if it is correct, I can go ahead and decrypt and if it's not, I go ahead and spit out an error message?

    Thanks.

    Nils Thenhausen
    @Nilos
    No you can't. A password is only known to be incorrect after the decryption process has happened and the data after decryption does not validate.
    Or to say it differently: any password gives a decryption result but only the correct password yields one that makes sense
    john007abhilash
    @john007abhilash
    Hi, can anyone help me out with https://github.com/mdp/gibberish
    when try to encrypt a text, it returns me a plain string with random characters instead of a JSON string
    cipher = Gibberish::AES.new('p4ssw0rd')
    cipher.encrypt("some secret text")

    => Outputs a JSON string containing everything that needs to be saved for future decryption

    Example:

    '{"v":1,"adata":"","ks":256,"ct":"ay2varjSFUMUmtvZeh9755GVyCkWHG0/BglJLQ==","ts":96,"mode":"gcm",

    "cipher":"aes","iter":100000,"iv":"K4ZShCQGL3UZr78y","salt":"diDUzbc9Euo="}'

    john007abhilash
    @john007abhilash
    sjcl.decrypt does not work as it needs the json to decrypt it
    Maxime
    @maxime1992

    Hey guys, I'll need to save some sensitive data on client side in localstorage.

    I've been wondering what's the best I can do about that and sjcl seems to be a good idea.

    I know there's no perfect security, I just want to do the best possible :)

    That said, is sjcl.encrypt enough? Is there a better configuration to make it harder to brute force or find with other ways?

    Stefan Sechelmann
    @sechel
    Hey @maxime1992, you may want to check out WebCrypto and IndexedDB as an alternative to sjcl and localStorage.
    christinasmithers
    @christinasmithers
    Hi everyone. I admit I am little of a newbie for security. Does SJCL issue certificates and if so from whom? And then for keys do we keep or maintain them or is that elsewhere?
    yeshog
    @yeshog
    hello all, how does one get to use sjcl out of the box i.e. without needing to use "configure --with-all" out of the box? A typical use of this is PaaS cloud environments where one needs to simply supply a dependency in package.json?
    Jiahao Ma
    @howardman
    Hello there
    how can we use sjcl.js on a static webpage? Can anyone help me out? I have read the documentation, but still have no clue
    Barry Chapman
    @barrychapman
    allo
    Barry Chapman
    @barrychapman
    does anyone know what encryption lib creates output like this? -- var _0x28b6=['VcOfwq/DlMOM','BsOeZcKGw4s=','wqEwwpULFxE=','bGPDh8OWMA==','OcO9acKDw6c='
    It seems to be creating a massive array of base64 strings