javascript - HTML5 Client Side Data Encryption - What are my options?

Question

I am working on a EDIT: mobile web app which displays some sensitive information and requires a login which stores the members username and password in a HTML5 Session. The username and password are currently stored in an un-encrypted state for the reason that we need to use this username and password on each page load to access the clients remote web-service.

EDIT: After a security review our client raised the following concern:

"There is the potential that Session Storage information can get stored on disk (e.g. on a browser crash). For this reason no sensitive information should be stored unencrypted in session storage. User ID’s and session tokens can be stored since session timeouts are implemented however storing of passwords/PINs is not recommended."

What would be the best/most secure method of encrypting and decrypting sensitive data stored client-side?

Thanks!

Answer 1

Hi instead of storing the username and password, can you not create some sort of "session" with the remote server and instead transmit an authentication token?

Storing a username and password anywhere in the client side gives me the shivers.

Perhaps of looking for ways of storing the username / password safely, look for ways of removing the need to store it at all.

However of course I'm saying this without knowing the full background... I'm guessing there is a good reason to need to store the username / password.