Is JS cryptography still evil?

Torben Haase - @letorbi

Since Matasano Security published their "Javascript Cryptography Considered Harmful" paper, cryptography done in JavaScript has a bad reputation. On the other hand there are a number of JavaScript crypto-libraries and more and more webapps that use encryption.

I'd like to analyse if the assumptions made by Matasano in 2011 are still valid and introduce some common libraries for JS cryptography. Apart from that I'll show some patterns that might be helpful to prevent common errors when doing cryptography in JavaScript and like to discuss them with you.