SJCL has a bug in their RSA implementation. We're using a good bit of their code with a few changes for our web client. The idea being that we don't want to store passwords, so the webclient stores an encrpyted private key and everything sent to the server must be signed.

The users id is a sha256 hash of their public key and all we keep are the public keys.

Working so far in FF and Chrome, not even trying it in IE

Are you at liberty to disclose what you're using this for? i'm interested in learning about legitimate use cases for SJCL.

The auth system for a stock/asset exchange.

Not sure what you mean, SJCL doesn't have an RSA implementation.

Hmmm, indeed it doesn't. Who's RSA implementation am I using, guess I've forgotten.

Probably Tom Wu's JSBN implementation...

Yes, exactly. I would love to have cross device SSO and authentication. Having proper cryptography available in the browser (either built-in or through a extension) would make that easier to make. As a bonus: phishing resistant.