To be frank, I have only ever seen the non-standard crypto functions
used in attacks, rather than in purposeful use.

+1 to unimplement.

On 26.06.2014 22:40, David Keeler wrote:
> [dev.platform cc'd for visibility - please follow-up to dev.tech.crypto]
> 
> Summary:
> We intend to remove the proprietary window.crypto functions and
> properties. See
> https://developer.mozilla.org/en-US/docs/JavaScript_crypto for what will
> be affected by this change.
> Our reasoning is as follows: These functions have never been (and never
> will be) standardized. The implementation has near-nonexistent test
> coverage. What few tests exist were written as a result of finding
> easily-encountered bugs years after the original implementation
> landed[0][1][2]. As it is exposed to web content, it represents a
> considerable attack surface. It is not well-maintained. It is
> incompatible with our process-separation and sandboxing efforts. It is
> not supported or enabled on Firefox OS.
> Meanwhile, we are making progress on implementing the webcrypto
> specification[3]. When complete, webcrypto should provide compatible
> functionality for what these functions are currently being used to do.
> Any functionality not implementable using webcrypto is available to
> addons (see the interfaces in security/manager/ssl/public).
> 
> Note: this does not include window.crypto.subtle or
> window.crypto.getRandomValues, which are part of webcrypto and do not
> need to be removed.
> 
> Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1030963
> 
> Spec: n/a
> 
> Platform coverage: desktop, android
> 
> Target release: 33
> 
> Pref: n/a
> 
> [0] https://bugzilla.mozilla.org/show_bug.cgi?id=849553
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=934716
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=935618
> [3] https://bugzilla.mozilla.org/show_bug.cgi?id=865789
> 

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
