Ernie Turner on Dodging Web Crypto API Landmines π§
Explore Ernie Turner's 2018 talk at Web Rebels about navigating the challenges of the Web Crypto API.
CodeFlex
1 views β’ Mar 14, 2025
About this video
Download 1M+ code from https://codegive.com/bb63f50
okay, let's dive into ernie turner's "dodging web crypto api landmines" talk from web rebels 2018. this talk highlighted common pitfalls and best practices when using the web crypto api. i'll break down the key concepts, provide code examples, and elaborate on the reasoning behind each point.
**overview of the talk's main themes**
ernie turner's talk focused on making the web crypto api more accessible to developers and pointing out where potential problems could arise. the main themes covered were:
1. **understanding asynchronous nature:** the web crypto api is entirely asynchronous using promises.
2. **choosing the right algorithms:** selecting algorithms appropriate for the task at hand and understanding their limitations.
3. **key generation and storage:** securely generating, using, and managing cryptographic keys.
4. **avoiding common mistakes:** identifying and avoiding frequent errors and security vulnerabilities.
5. **browser compatibility:** addressing browser-specific behavior and ensuring cross-browser functionality.
**1. asynchronous nature: embrace promises**
the web crypto api is asynchronous, and this is crucial. all operations (key generation, encryption, decryption, signing, verification, etc.) return promises. this avoids blocking the main thread, preventing ui freezes and improving the overall user experience.
**why is this important?**
javascript in the browser is single-threaded. blocking the main thread means the browser can't update the ui, respond to user input, or execute other critical tasks. cryptographic operations can be computationally intensive, especially with large datasets or complex algorithms. asynchronous operations with promises allow these tasks to run in the background.
**code example (basic encryption):**
**explanation:**
* `async function encryptdata(...)`: marks the function as asynchronous. we can use `await` inside it.
* `await window.crypto.subtle.encrypt(...)`: the `await` keyword pauses the e ...
#ErnieTurner #WebCryptoAPI #WebRebels2018
Ernie Turner
dodging web
crypto API
landmines
web rebels
2018
blockchain technology
digital security
API vulnerabilities
web development
cybersecurity
decentralized applications
risk management
software engineering
online safety
okay, let's dive into ernie turner's "dodging web crypto api landmines" talk from web rebels 2018. this talk highlighted common pitfalls and best practices when using the web crypto api. i'll break down the key concepts, provide code examples, and elaborate on the reasoning behind each point.
**overview of the talk's main themes**
ernie turner's talk focused on making the web crypto api more accessible to developers and pointing out where potential problems could arise. the main themes covered were:
1. **understanding asynchronous nature:** the web crypto api is entirely asynchronous using promises.
2. **choosing the right algorithms:** selecting algorithms appropriate for the task at hand and understanding their limitations.
3. **key generation and storage:** securely generating, using, and managing cryptographic keys.
4. **avoiding common mistakes:** identifying and avoiding frequent errors and security vulnerabilities.
5. **browser compatibility:** addressing browser-specific behavior and ensuring cross-browser functionality.
**1. asynchronous nature: embrace promises**
the web crypto api is asynchronous, and this is crucial. all operations (key generation, encryption, decryption, signing, verification, etc.) return promises. this avoids blocking the main thread, preventing ui freezes and improving the overall user experience.
**why is this important?**
javascript in the browser is single-threaded. blocking the main thread means the browser can't update the ui, respond to user input, or execute other critical tasks. cryptographic operations can be computationally intensive, especially with large datasets or complex algorithms. asynchronous operations with promises allow these tasks to run in the background.
**code example (basic encryption):**
**explanation:**
* `async function encryptdata(...)`: marks the function as asynchronous. we can use `await` inside it.
* `await window.crypto.subtle.encrypt(...)`: the `await` keyword pauses the e ...
#ErnieTurner #WebCryptoAPI #WebRebels2018
Ernie Turner
dodging web
crypto API
landmines
web rebels
2018
blockchain technology
digital security
API vulnerabilities
web development
cybersecurity
decentralized applications
risk management
software engineering
online safety
Video Information
Views
1
Duration
19:58
Published
Mar 14, 2025
Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.