I think this library is a great idea. We can add its signature to automated scanning tools, feed it to Google Code Search queries, and periodically generate lists of catastrophically insecure web applications. I much prefer a single, easily detected security failure to a diverse population of more subtle failures. Kudos to this guy.

I will send a Matasano poster to anybody who posts a valid flaw in the actual implementation of this library, excluding the fatal design flaw of delivering encryption code via JavaScript to browsers.

I'll get you started (I've already got a poster): this library uses PHP's built-in mt_rand() to generate keys.
There is no way to validate the public key the data is encrypted against, so a man in the middle is possible by injecting a new public key and intercepting the ciphertext on its way back.

Just my thought: if this type of security is needed, why forgo SSL?