Cryptographer hate for JWT

4 min read - Text Only
If alg=none was the only issue with this abomination of a standard, I could ignore it, and work around it. But the way this standard is used, it's almost impossible to build a secure JWT library
This vulnerability is a trifecta of things I hate: - JWT - Ruby OpenSSL extension - AES-GCM (great performance but so brittle) Expect years and years and years and years of ongoing JWT related vulnerabilities, with people continuing to claim "this isn't a problem with JWT!"
JWT is so bad that I find myself wondering what I was doing when it was being created and if I could have done something to stop it. Also, note that this HN thread is full of developers just now learning that JWTs only does signing. Except it can also do encryption. 🤷‍♂️
Photo included with tweet
One of the most damning observations about JWT is that, whenever you introduce someone to a new way that you can shoot yourself in the foot, they automatically assume you're talking about some old way that you can shoot yourself in the foots.
This isn't an isolated incident. Every time someone talks about why JWT is bad, someone engages in a congruent fashion. "Blame the libraries, or the defaults. Don't blame the standard!" "The attack you're describing sounds like an old attack which was an implementation's fault"

Thomas H. Ptacek

The issue with JWT in particular is that it doesn't bring anything to the table, but comes with a whole lot of terrifying complexity. Worse, you as a developer won't see that complexity: JWT looks like a simple token with a magic cryptographically-protected bag-of-attributes interface. The problems are all behind the scenes.

For most applications, the technical problems JWT solves are not especially complicated.

But there's a reason crypto people hate the JWT/JOSE/JWE standards. You should avoid them. They're in the news again because someone noticed that one of the public key constructions (ECDHE-ES) is terribly insecure. I think it's literally the case that no cryptographer bothered to point this out before because they all assumed people knew JWT was a tire fire.

From a comment (archived) on 🍊 site.

Thomas H. Ptacek