webathena icon indicating copy to clipboard operation
webathena copied to clipboard
verified publisher icon davidben

Consolidate crypto libraries

Open davidben opened this issue 13 years ago • 0 comments

We use both SJCL and CryptoJS right now. This is silly. I think we should prefer SJCL; they make an attempt to provide a real randomness function (even if it's not really usable), so I think I trust them more. Unfortunately, they don't provide the primitives we'll need for all enctypes. Namely,

  • DES (des-cbc-crc)
  • MD5 (des-cbc-crc, arcfour-hmac)
  • MD4 (arcfour-hmac)
  • RC4 (arcfour-hmac)

If Athena actually gets rid of des-cbc-crc, maybe we can get away with only doing the AES ones there. I want to say arcfour-hmac is the one you need for Windows stuff, so we might not be able to avoid that? I propose we port CryptoJS implementations to sjcl.bitArray where needed. At the least we can avoid having two versions of a byte array. (If that could be secretly a TypedArray (issue #23), even better... that might not be doable transparently though. Seems sjcl.bitArray is literally an array.)

davidben avatar Nov 29 '12 05:11 davidben