Is this safe in this implementation (I am not familiar with Wolframs cipher here). Usually clock is bad and PRNG is used, may be different here though? Just curious, not a critique
In the JavaScript implementation the CPU nanosecond clock is sampled with the (very) jittery setTimeout() function into a 1024 bit string which then is hashed into a 256 bit nonce. Randomness is indeed a tricky subject yet practically in the Chrome, Firefox and Internet Explorer browsers the 1024 bits generated look sufficiently random. What will happen with Mooreās law and computers getting magnitudes more powerful? I believe the current implementation will be good enough for many years to come. And if not the nonce can easily be upgraded.
2 Likes
No worries, it may be a bone of contention in an audit, just in case 
There was a bitcoin wallet that suffered as a result of a bad seed. I Think though it used the hash of a return value, which was a 404 or similar as a site went sssl. So not in that league, but clocks are not used as crypto secure seeds. I Think itās worth a quick look around at a PRNG for javascript or check how others create seeds etc. Just in case. I would hate to have somebody unfairly pick at this.
Great work though, really nice to see.
3 Likes
If you need random in the browser for crypto purposes, you should really use Crypto.getRandomValues() - Web APIs | MDN if itās available (you can polyfill for a fallback). Granted most people will tell you that in-browser crypto is not safe (the most popular post on this subject is https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/). No need to debate the finer points here of course, just thought Iād link it.
4 Likes
One potential problem is that the generation of the nonce is in my case at the mercy of the implementation of the setTimeout() and performance.now() functions. Yet those are very much in practice āset in stoneā so to speak. Google, Mozilla, Microsoft or Opera Software cannot just willy-nilly tamper with such core functionality without affecting their whole community of developers and applications. So in practice I believe itās reliable to use such implementation for generating randomness. I challenge you to come up with an alternative approach that is truly random without the use of clock sampling, and without the need for extra hardware.
Yes, that may be useful. I will take a look at it.
Here is a JavaScript version that uses window.crypto.getRandomValues() for the nonce: https://jsfiddle.net/w4jgz1dy/
It works in later versions of Chrome, Firefox and IE (havenāt checked Opera yet but itās now based on Chromium I think so it should work in that browser too).
1 Like
1 Like
Here is a web version of the crypto chat: http://www.tomment.com/
The SAFE version can perhaps use StructuredData for the messages and then the web version will be easy to port. The web version doesnāt use any user accounts. A SAFE version can use user accounts or keep the account free approach or both.