Cryptographer hate for JWT

What some cryptographers say about JWT

Sophie, indistinguishable from random noise

If alg=none was the only issue with this abomination of a standard, I could ignore it, and work around it. But the way this standard is used, it's almost impossible to build a secure JWT library

Jul 08 2021 21:29:28 UTC (archived)
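The alg=none issue Sophie refers to is that a verifier which dispatches on the algorithm named in the token's own header can be talked out of checking the signature at all. The following is an added example written for this page, not code from Sophie or from any JWT library: it hand-rolls a minimal HS256 signer, a naive verifier that trusts the header's alg field (and so accepts an unsigned alg=none token), and a hardened verifier that pins the algorithm on the verifying side and treats the header as untrusted input. The key and claims are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(data: bytes) -> str:
    """JWS base64url: standard urlsafe alphabet with padding stripped."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    """Reverse of b64url_encode; restores the padding base64 needs."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(payload: dict, key: bytes) -> str:
    """Produce a legitimately signed HS256 token."""
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(payload)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def forge_none_token(payload: dict) -> str:
    """Attacker-side: an alg=none token carries no signature, just a trailing dot."""
    return _segment({"alg": "none", "typ": "JWT"}) + "." + _segment(payload) + "."


def naive_verify(token: str, key: bytes) -> dict:
    """VULNERABLE: the algorithm is taken from the attacker-controlled header.

    If the header says "none", there is nothing to verify and the claims are
    returned as-is, so an attacker can mint arbitrary claims without the key.
    """
    h, p, s = token.split(".")
    alg = json.loads(b64url_decode(h)).get("alg")
    if alg == "none":
        return json.loads(b64url_decode(p))
    if alg == "HS256":
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(s)):
            return json.loads(b64url_decode(p))
        raise ValueError("bad signature")
    raise ValueError("unsupported alg")


def strict_verify(token: str, key: bytes, expected_alg: str = "HS256") -> dict:
    """HARDENED: the verifier decides the algorithm; the header must merely agree.

    Only the algorithm the relying party configured is ever executed, so an
    alg=none (or any other substituted) header is rejected before any
    cryptographic operation, and the signature is always checked.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    if expected_alg != "HS256":
        raise ValueError("only HS256 is supported by this demo verifier")
    if json.loads(b64url_decode(h)).get("alg") != expected_alg:
        raise ValueError("algorithm mismatch")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p))


def demo() -> dict:
    """Run both verifiers against an honest token and an alg=none forgery."""
    key = b"constructed-demo-key-do-not-reuse"  # constructed for this example
    honest = sign_hs256({"sub": "alice", "admin": False}, key)
    forged = forge_none_token({"sub": "alice", "admin": True})  # no key needed

    results = {
        "honest_naive": naive_verify(honest, key)["admin"],
        "honest_strict": strict_verify(honest, key)["admin"],
        "forged_naive": naive_verify(forged, key)["admin"],  # privilege escalation
    }
    try:
        strict_verify(forged, key)
        results["forged_strict"] = "accepted"
    except ValueError:
        results["forged_strict"] = "rejected"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The design point is the direction of control: in `strict_verify` the relying party names the algorithm and key up front and the header is only compared against that choice, whereas `naive_verify` lets the token choose how it will be checked. The same pinning also closes the related RS256/HS256 key-confusion substitution, since a header asking for a different algorithm is refused before any key is touched.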

Tony "Abolish ICE" Arcieri 🦀🌹

This vulnerability is a trifecta of things I hate:

- Ruby OpenSSL extension
- AES-GCM (great performance but so brittle)

Expect years and years and years and years of ongoing JWT related vulnerabilities, with people continuing to claim "this isn't a problem with JWT!"

Jul 06 2018 02:05:05 UTC

Filippo Valsorda

JWT is so bad that I find myself wondering what I was doing when it was being created and if I could have done something to stop it.

Also, note that this HN thread is full of developers just now learning that JWTs only do signing. Except it can also do encryption. 🤷‍♂️


Sep 01 2020 23:58:07 UTC

Scott Arciszewski

One of the most damning observations about JWT is that, whenever you introduce someone to a new way that you can shoot yourself in the foot, they automatically assume you're talking about some old way that you can shoot yourself in the foot.

Aug 25 2021 10:58:22 UTC (archived)

Scott Arciszewski

This isn't an isolated incident. Every time someone talks about why JWT is bad, someone engages in a congruent fashion.

"Blame the libraries, or the defaults. Don't blame the standard!"

"The attack you're describing sounds like an old attack which was an implementation's fault"

Aug 25 2021 10:58:25 UTC