I never knew there were crypto abilities in Gecko-based browsers. There is evidently a window.crypto object, which is accessible:

Mozilla defines a special JavaScript object to allow web pages access to certain cryptographic related services. These services are a balance between the functionality web pages need, and the requirement to protect users from malicious web sites. Most of these services are available via the JavaScript window object as window.crypto. For instance, to obtain a ten byte random number using the cryptographic engine, simply call:

var myrandom = window.crypto.random(10);

Services are provided to enable: smart card events, generating certificate requests, importing user certs, generating random numbers, logging out of your tokens, and signing text.

More details here.


burtonator said…
I always thought it would be interesting to implement Digest based authentication with form based auth for a bit better security for authentication over non-SSL channels.

Doing this in the browser via Ajax could be done this way.

Of course, there are javascript implementations of MD5/SHA1
Aye, it's been there for over 10 years.

Too bad IE 4 never copied that particular feature, or perhaps we'd have found a real-world use for it. Oh well....