OpenPGP Implemented In JavaScript
angry tapir writes with this excerpt from Tech World: "Researchers from German security firm Recurity Labs have released a JavaScript implementation of the OpenPGP specification that allows users to encrypt and decrypt webmail messages. Called GPG4Browsers, the tool functions as an extension for Google Chrome and now is capable of working with GMail."
A quick gander at the source leaves me with the impression that it should be more or less portable to other browsers. It's also built using a lot of off-the-shelf Javascript libraries. (Who knew Javascript had a bignum library and a number of cipher implementations?)
News flash: Turing-complete programming languages can be used to create anything. Why is it news when another random project is done in Javascript?
Pretty good is actually pretty bad.
The short book, JavaScript: The Good Parts, by Douglas Crockford ....
It can't be done. The problem is that the language itself is so horribly broken that anything built upon it, be it libraries, applications, tutorials or books, will inherently be horrible, too. JavaScript just can't be salvaged. It needs to be discarded.
I used to think this, but I don't any more. The aforementioned Crockford book is the bible on this.
There is a "pleasant" Javascript community, and what they have done is to separate Javascript into three parts:
- the good parts -- use them
- the bad parts -- avoid using them altogether
- the missing parts -- build acceptable workarounds to these using what's available
For example, Javascript has a horrible tendency for scripts to pollute the global variable namespace. The community came up with the CommonJS module convention, which solves the problem rather neatly.
The short book, JavaScript: The Good Parts, by Douglas Crockford ....
A book on JavaScript's good parts is short?! I am shocked, sir!
So where do the keys get stored?
They get stored in the Article.
Does that mean that you can only store keys per domain?
That is also in the Article.
And what stops a compromised site from lifting your keys while it's about encrypting or signing a message for you?
Try reading the Article.
I think for reasons of trust that if you were to use js PGP
And I think that before you start spouting off with an opinion, maybe you should, you know, read the article so you have a clue what the fuck you're talking about.
JavaScript is a fad that's on its way out. The same thing happened to Ruby due to Ruby on Rails. The Ruby hype really started taking off around 2006, but by 2010 people realized how shitty Ruby and RoR actually are. That's why we hear almost nothing about either of them these days. The same thing is happening to JavaScript, although it's delayed slightly. It really started taking off around 2008, so it's a couple of years behind Ruby. By 2013, it's likely that JavaScript and its advocates will be widely shunned, too.
2008? JavaScript gained widespread popularity around mid-1996, so by your reckoning it should have faded away sometime in 2001. Like all languages, JavaScript has its warts and WTF moments, but it is the poor craftsman who blames his tools, especially if those tools are being used by millions of other craftsmen around the world to create all manner of novel and useful applications (to admittedly varying levels of quality, but again that's more about the developer's skill level than the language itself). Solving the JavaScript problem is a simple five-step process, though: create the One Perfect Language, convince the major browser manufacturers to include a flawless implementation, get all of the current JS developers to learn to code in it correctly, rewrite all existing codebases in it, and make the entire world upgrade their browsers. Done! Now, what's for lunch...?