[UPDATED ENTRY]

A new version of the Clipperz Javascript Crypto Library (CCL JCL) is now available for download from Google Code SourceForge. The new release dramatically enhances execution speeds (the AES cipher is now at least twice as faster as before) and introduces “deferred” mechanisms for a smoother user experience.

The CCL JCL is a Javascript collection of fundamental cryptographic functions that are used within the Clipperz password manager, it is also our way to give back to the community of Javascript developers to which we are deeply indebted. The CCL JCL is released as open source under a revised BSD AGPL license.

We would love to hear from the 1,716 developers that already downloaded the Clipperz Javascript Crypto Library! Please, send in your comments and suggestions.

Javascript implementations of cryptographic algorithms have been around for years. Some of the pioneers in this field were: John Walker, Chris Veness, Paul Andrew Johnston and Leemon Baird. They all realized that Javascript could turn the browser into a new and ubiquitous “number crunching” tool that comes pre-installed on every modern computer. Even if they mostly wrote code for educational purposes, their work was an important inspiration to us.

While building the security foundation of the online password manager, Giulio had to write from scratch all the needed crypto primitives. He did it with the intellectual rigor of the long-time software developer, aiming to achieve maximum execution speed while preserving modularity and reusability. His achievements were too good to be confined to a single web application, therefore we decided to pack them into a library and make it available to everybody. If you are a web developer and into Javascript check it out! You can find:

• the fastest AES-256;
• the only available Javascript implementation of:
  • Fortuna, a strong pseudo-random number generator
  • SRP, the verifier-based authentication protocol
• a robust and efficient SHA-2 hash function

Even if you are not interested in zero-knowledge web applications, you could be tempted to exploit browser-based cryptography to improve the security of specific portion of your application. As an example, you could consider replacing your present authentication system with SRP. Feel free to contact us for any further information and support, we’ll be glad to help!

Recently we’ve approached elliptic curve cryptography (ECC). The code already included in the library is still very slow and incomplete. We would love to improve it and develop all the components of a public-key cryptographic system based on elliptic curves. It’s an ambitious and complex plan. Any volunteer to help?

UPDATE

The Clipperz Crypto Library, now JavaScript Crypto Library, changed its license from BSD to AGPL. As a consequence it was moved from Google Code to SourceForge. Read more here.