Comparison with... #1
Comments
|
this is based on scryptsy but without the progresscallback stuff, and
reformated into a class to make sure I could clean everything up afterwards
and so that we could use the cryptobrowserify pbkdf2 package.
…On Tue, Nov 27, 2018 at 6:21 PM Daniel Cousens ***@***.***> wrote:
Another day, another scrypt module.
cryptocoinjs/scrypt#1 <cryptocoinjs/scrypt#1>
Now there is
- https://github.com/barrysteyn/node-scrypt
- https://github.com/cryptocoinjs/scryptsy
- https://github.com/cryptocoinjs/scrypt
@fanatid <https://github.com/fanatid> @barrysteyn
<https://github.com/barrysteyn> @calvinmetcalf
<https://github.com/calvinmetcalf> @jprichardson
<https://github.com/jprichardson>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABE4n_W3lL5Nq_171Gd-mwXgABbbZ1usks5uzckVgaJpZM4Y2ijD>
.
|
|
so to unpack it a bit since this would be installed by default in browserify and webpack anything with a build step would be right out because that would get triggered every time those packages are installed, this right off the bat eliminates node-scrypt and scrypt from being useful. scryptsy could be used but it has the progresscallback stuff which doesn't fit into the node api and would be deadweight and doesn't let us use async pbkdf2 (which leverages browser native crypto) since it always uses sync crypto. Lastly scryptsy calls in the whole crypto module which is fine if it's something you're using in node, but in the browser that would include in all the other parts of crypto preventing you from requiring it in on its own, also it could make a circular dependency issue. |
|
I don't think any of those issues are unresolvable, I think we could have trivially exposed a Node-like interface by default, and then the |
|
ideally we'd want https://github.com/cryptocoinjs/scryptsy/blob/14fa57ff829479f28de02eb430dcf6474e4fffcb/lib/scrypt.js#L43-L45 available as a separate export without the progress callback stuff |
|
I'm open to any modifications. Creating new libraries that do the same thing makes it harder for people to audit libraries as the audit surface area increases. Increased audit surface area makes it harder to prevent the problems that we saw on Monday (backdoor targetting Copay). |
|
@calvinmetcalf happy to add you to cryptocoinjs if you'd like. |
|
sure you can add me, I'll try switching it up when I get a chance |
Another day, another
scryptmodule.cryptocoinjs/scrypt#1
Now there is
@fanatid @barrysteyn @calvinmetcalf @jprichardson
How did this happen again?
The text was updated successfully, but these errors were encountered: