Crypto Meetup Munich

The second round of the new crypto meetup in munich was held yesterday at the office of FTAPI GmbH. The event was the first of hopefully many more to come and a great opportunity to discuss crypto in browsers and other security topics. FTAPI was not only host, but also initiator and organizer of this meetup and it was great to see a software company not only actively participating in the security community but also openly discussing all the questions directed at their products security.

The evening began like any meetup usually does, with people repeatedly introducing themselves to the small but ever changing groups while discussing various topics supported by beer and snacks. Alexander Stonehouse, one of the company’s developers, gave an interesting talk on client side cryptography in browsers. The gist of it was that cryptography implementations using technologies such as Java or Flash are gradually being replaced by JavaScript based solutions. While there are many benefits to running crypto in JavaScript, especially since the latter has gotten more mature and performant over the past years, there are also a few caveats that have yet to be addressed. It was really interesting to gain insights from a developers view on client side crypto and to learn a bit about the origin, current state and possible future of it all.

To keep it simple, these are the key points that I took with me from this talk:

JS crypto has come a long way and is about to completely replace Java/Flash based implementations.
As a pure framework, ForgeJS is the recommended way to go although the documentation is lacking.
Native web APIs such as SubtleCrypto are the next step, but they still have some issues to sort out.

The first point is just one more step towards a flash-less web, but more importantly it enables developers to ignore Flash or Java as a dependency and gets rid of annoying warning or update messages that pop up every once in a while. Besides the talk it was just a great and relaxed evening with interesting discussions and people and we really enjoyed talking to all these like minded people about so many different things.

Whether you’re a crypto expert or just curious, if you live in munich or find yourself in that general area and have an interest in security, I highly recommend you join us on the next meetup in September.