There are numerous articles on the web quoting the perils of JavaScript cryptography, including this Stack Overflow question and the article and message board it links to.
My users need to be able to access our website using passwords. While the connection is established using SSL, we also want to provide any additional protection we can (even if it's futile) against malware in the user’s machine/browser.
Are there any industry standards/best practices for client-side cryptography which help overcome any/all the limitations mentioned in the links above?
NOTE: When we finally chose a library, it was jCryption because it supported asymmetric encryption.
The Stanford Javascript Crypto Library (hosted on Stanford’s server at http://crypto.stanford.edu/sjcl/ or here on GitHub) is a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript.