Native JS Encryption

Brendan Eich brendan at mozilla.com
Fri Mar 18 18:58:25 PDT 2011


On Mar 18, 2011, at 6:44 PM, Shabsi Walfish wrote:

> On Fri, Mar 18, 2011 at 4:53 PM, Brendan Eich <brendan at mozilla.com> wrote:
> In support of Robert's point, we have Firefox Sync [1], which client-side encrypts many blocks of user data (not just passwords; cookies, history, etc.) to hide it from our own (or an alternative; the server is open source) sync service.
> 
> This needs native speed, which we provide via privileged-JS-only (our so-called "chrome" user-interface JS) access to our native crypto module (NSS). The volume in blocks and bytes requires it. Using pure-JS crypto lowers performance an order of magnitude or two.
> 
> I'm not convinced that you need native speed even for this (and its a bit specialized, since it lives in the browser chrome). It sounds like you are talking about a few MB of data, at most.

Sorry, no. I'm telling you our product requirements, not soliciting unquantified speculation. Users have tons of data (think all-tabs session histories). Users do not like waiting. We have to hide sync in the existing schedule, so megabytes do add up.


> Native code could probably do that in something like 10 or 20 ms, and even if you are slower by an order of magnitude you can do it in 200 ms

I wrote "or two".


> 
> To your point about the API being "best, most current" crypto-standard (for a given key size, perhaps): that is usable but often in our modern era, JS clients must chat with JS server peers using precisely *this* or *that* crypto protocol. So I imagine we'll need both kinds of APIs: best-latest and exactly-this.
> 
> Hence you can allow for versioning and backwards compatibility, like most protocol APIs do.

Again, sorry: no. We are not sync'ing ES.next or ES.whatever to *every* protocol and crypto-protocol out there in any future epoch. We can't hope to guess. Instead we would decouple as current, hardcoded-in-C++, distributed in browsers modules do: provide certified and well-thought of algorithms.

Ideally it's all doable in JS at good enough perf. Reality is not there yet and won't be for years. Ask around inside Google :-P.

/be

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20110318/1533696b/attachment.html>


More information about the es-discuss mailing list