Published On Nov 17, 2018
Title: Cryptography for JavaScript Developers
Speaker: Svetlin Nakov, PhD
Conference: js.talks() 2018
Most developers believe they know cryptography, just because they store their passwords hashed instead of in plaintext and because have once configured SSL. In this talk the speaker fills the gaps by explaining some cryptographic concepts with examples in JavaScript.
The talk covers:
- Hashes, HMAC and key derivation functions (Scrypt, Argon2) with examples in JavaScript
- Encrypting passwords: from plain text to Argon2
- Symmetric encryption at the client-side: AES, block modes, CTR mode, KDF, HMAC, examples in JavaScript
- Digital signatures, ECC, ECDSA, EdDSA, signing messages, verifying signatures, examples in JavaScript
- Why client-side JavaScript cryptography might not be safe? Man-in-the-browser attacks, Cross-Site Scripting (XSS) / JavaScript injection, etc.
More info, slides and video: http://www.nakov.com/blog/2018/11/18/...
