Ask HN: is Client Side Encryption for payments secure?
Stripe and BrainTree both provide Client Side Encryption.
However, after reading the Matasano article http://www.matasano.com/articles/javascript-cryptography I'm concerned about how secure client side encryption would be.
Any thoughts?
3 comments
[ 4.2 ms ] story [ 42.3 ms ] threadClient side encryption is unexplored. Secure crypto is possible only through extensive peer review, which is missing in the case of client side encryption using JS.
I think SSL/TLS is sufficient if implemented correctly. The only advantage that client side encryption using js offers is that the contents are not known to the server. Whereas in the case on SSL/TLS, the server basically has access to all your encrypted data since they hold the keys. But I digress. Client side encryption needs more R&D.
(Disclosure, I work for Braintree)