-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The crypto module #339
Comments
While the built-in crypto interface should be as easy to use as possible, this is something I have thought about a lot in the past. Simply put, a user-friendly wrapper around the |
Thanks for the response @tniessen. When you say
how are you thinking about evaluating whether a particular change makes it "easy to use", and who's the target audience? It seems to me that the existing API design goal is to make it look as much like OpenSSL as possible, which I guess would mean easy to use for people that are very familiar with OpenSSL. Or are you thinking something else? I wonder if we can make expectations clearer by deprecating the name |
Out of curiosity, why not? (We have a user-friendly wrapper around the |
Optimally, people with more advanced crypto knowledge should have all the options and possibilities they want, while less experienced users should have an easy-to-use interface.
I am probably one of the most active people working on crypto and this has never been one of my design goals, even though our implementation is obviously restricted by OpenSSL's design and thus cannot completely deviate from it. I personally don't like being bound to a vendor, that's one of the reasons why I did not proceed with RSA key generation in Node.js, I don't like an API that is tailored to its implementation (as suggested in nodejs/node#15116 (comment)). Whether Node.js uses OpenSSL, OpenSSL with FIPS, LibreSSL or any other library should not affect users of the
It makes sense that the
I don't say I wouldn't want it in core, I am just saying that I don't see it getting into core at this point. Some reasons off the top of my head:
|
Got it, I appreciate the clarifications. I think we can start by being a little idealistic and first explore what an ideal high-level API might look like in core, and then investigate the feasibility and try to analyze the cost/benefit with respect to the whole small core problem. Based on the response from the other issue, I think we may be able to get more volunteers to work on a higher-level API (we also have a few cryptographer friends that might be interested in helping out too; API design seems like an increasingly relevant topic in cryptography these days and this could have a huge impact). |
I have to strongly disagree there. As I already explained in the other thread, many developers assign particular value and importance to the core libraries, to the point of actively choosing worse or less-safe implementations in the core libraries over better external options. If there's one place where we can't afford this, it's in cryptography. Yes, I understand that the intention of Node.js core is to remain small, and I fully agree with that intention; however, it should remain an intention and not something to preserve at all costs. When looking at how developers actually view core, providing a safe-by-default cryptography API would significantly improve ecosystem security, and so it seems reasonable to me to still add this to core. (The main reason I'm treating 'sub-optimal developer decisions around security' specially compared to 'regular sub-optimal developer decisions', is that security failures are generally silent; the developer will have no feedback that their implementation is wrong until they get compromised. For most non-security sub-optimal developer decisions, the developer will usually discover the awkwardness/bugs by themselves.) As a general policy note (since I'm not sure where else to file this), over the past few years I've gotten the impression that two significant things are missing from the core development process:
I feel like it may be worth looking at how this is handled in the Rust community, as core developers there tend to have a good handle on how core is being used, and on how to design APIs ergonomically such that they are safe to use. |
@joepie91 Let me cite my previous comment:
So yeah, personally, I am not generally opposed to having a "safe-by-default" API, and I completely understand your reasoning.
This might be something for the security WG to discuss, but Node.js is still OSS and as such depends on the work of volunteers. If someone gives feedback on a change based on their perception of its security, we will certainly pay attention to it. Idea: Maybe we could make upcoming API changes more public, such that people such as yourself can provide feedback before it gets released? This is not the first time a newly introduced API received criticism, I have been in your situation as well, only that the API (luckily) had not been released at that point.
At this point I think it is fair to clarify that scrypt itself is secure and so is our implementation, and the API design matches the low-level nature of the
Yes, there is the community committee, maybe @bnb would like to add to this. |
Ah, apologies, I misinterpreted your comment then :)
Yeah, I was thinking something along the same lines. I can't commit to a full-blown core team role for time constraint reasons, but I'd certainly be happy to review (especially security-critical) APIs, if I could be notified of their proposals somehow :) I'm certainly not expecting core developers to do all the work, to be clear; just suggesting to have a more accessible and consistent process in place, to allow others (me included) to pitch in.
While I understand that view, I think it's a mistake to draw such a hard distinction between 'child-safe' and 'adult' tooling (or any similar analogy), because ergonomics matter at every level. Several of the things you've mentioned make or made errors in this regard, so I don't think we should uphold Linux/cars/browsers/etc. as some sort of gold standard. I do agree that there may be valid usecases for a more custom usage of scrypt specifically, but this should not translate into a "let's keep it as low-level as we can" approach. Even in an additional low-level API, only the actually needed switches should be present, and they should be made to look exactly as dangerous as they are. Incidentally, I'm not aware of any justifiable cases, even outside of password hashing, to provide a custom salt. But perhaps somebody could correct me on that. (@paragonie-scott?)
Just looking at the member list there, I don't recall any of them being particularly active (or active at all) in developer help venues such as the IRC channel, subreddits, and so on. I feel like without such participation, it's not really possible to bridge this gap. |
I do not think we should include easy-to-use crypto APIs in core. Maintaining a module in userland is extremely simpler, and it allows to have a stable API across multiple major versions of Node.js. I think core should just expose the primitives. I think that there is a need for an official module hosted within the Node.js github organization that we recommend for easy to use crypto. We can support that across all our supported lines (currently 10, 8 and 6) and provide a solid base for applications and module author to rely on. |
If we don't have an easy-to-use crypto API in core, I think we need to rename
Given that that's overwhelmingly the common recommendation (that or |
@drifkin @nodejs/security-wg, PTAL at nodejs/node#21766 (comment). What do you think? I based that proposal on input from here among other things. |
We may be jumping the gun here on calling the distinction here between "easy to use" and "fully featured". We're talking about what is currently a theoretical, yet-to-be-designed evolution of the To illustrate some use cases I have run into over the years that have involved direct usage of cryptography APIs, and hopefully paint somewhat of a picture of the types of problems the community at large may be looking to use a native
Some general concepts I think are important for a
There's no shortage of cryptography libraries/APIs across a variety of programming languages that we can learn from. Perhaps one step forward might be to find some others that are particularly well-designed in ways that align with this group's design goals, and look to these for inspiration. |
I don't agree that the distinction is between "safe" and "unsafe". I think the distinction being drawn here would be better described as "purpose built" and "general purpose". Openssl's APIs, and Node's crypto module, are general purpose crypto APIs. The advantage of this is that they can be used to implement protocols and formats that are defined by third parties. The disadvantage is that when a developer controls both the producer and consumer, such as the password hashing example that kicked off this conversation, the developer is forced to figure out how to use the API for their specific purpose, and can easily do this wrong. It would be better for them to use a function that was specific to that purpose. The problem with purpose built crypto APIs is that they have an internally specified format for their intermediate formats that makes them hard or impossible to use to interoperate with the crypto APIs from other libraries, languages, or standards. Node's crypto library is clearly general purpose in design. It does not have the kind of APIs that NACL does, for example. The design of the current I appreciate the frustration of the scrypt-for-humans author that some people are avoiding his better (for some purposes) API because a "scrypt" function exists in node. Node is having enough trouble getting sufficient developers to fix the existing problems (the "internally compatible" point made above is particularly painful to me). I'm not sure how we can extend to designing, implementing, and supporting an entirely new higher level/functional API. My personal preference would be for such an API to be provided out of core as an npm module, and for the Node.js crypto API docs to point to it. If instead someone PRed a functional API into Node.js and got support for it, I wouldn't object. I'm not familiar with https://www.w3.org/TR/WebCryptoAPI/. Node has a general trend to supporting Web standard APIs when it can. Would WebCrypto be an acceptable high-level API? If so, implementing it would be following a well-paved path into node core. |
This discussion seems to have run its course. I can reopen if anyone feels it should remain, but while a closed issue can continue to be used to discuss things, if there aren't concrete actions we plan to take, I don't think it needs to remain open. If anyone wants it reopened, please ping me here. |
This is maybe a little premature, since nodejs/node#21766 is still being discussed, but I think as a group we should discuss:
crypto
module? Do we imagine that it's only used by people who know what they're doing (i.e., cryptographers)? Should we strive to expose all OpenSSL functionality? Should the interface we expose match as closely as possible with OpenSSL?crypto
is in fact intended to only be used by the very small percentage of people using Node that are very comfortable thinking about cryptography, should we create another crypto module that's intended for the average Node developer to use (saycrypto-simple
)? If so, we would need to propose how to build it (perhaps getting cryptographers involved to build it on top of the existingcrypto
module, or using a more modern crypto library with an interface that is likely to be used correctly by average developers).edit: Based on the results of our discussions, we may want to propose significant changes to documentation to make sure that our users' expectations about the use of
crypto
match oursThe text was updated successfully, but these errors were encountered: