ajxchapman / sendpass

Securely* send passwords, URLs or other text data from any trusted computer with a camera (Phone, Laptop, Web Cam, etc.) to an un-trusted computer with ease.
https://sendpass.io

Suggestion: use tweetnacl instead of crypto-js #1

Open bayotop opened 3 years ago

bayotop commented 3 years ago

It might be a good idea to replace the current crypto-js encryption (using plain AES) with tweetnacl's secretbox API. The library was audited in 2017 by Cure53 and the result suggests that it might be a good choice despite browser cryptography still being a nuanced topic.

I'm not confident about the actual benefits, but hopefully this might at least start a discussion about what's best.
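An added example (not part of the issue thread or the sendpass code) of what the suggested swap changes in practice: an unauthenticated block mode decrypts modified input without complaint, while an authenticated construction rejects it. It assumes "plain AES" means an unauthenticated mode such as CBC, and uses Node's built-in `crypto` as a stand-in for both libraries, with ChaCha20-Poly1305 in place of secretbox's XSalsa20-Poly1305; the function names and the sample message are constructed for illustration.

```javascript
const crypto = require('crypto');

// Unauthenticated AES-CBC: confidentiality only, no integrity check.
function cbcSeal(key, text) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-cbc', key, iv);
  return { iv, ct: Buffer.concat([c.update(text, 'utf8'), c.final()]) };
}
function cbcOpen(key, { iv, ct }) {
  const d = crypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// AEAD stand-in for secretbox: ciphertext plus a 16-byte Poly1305 tag.
function aeadSeal(key, text) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { nonce, ct, tag: c.getAuthTag() };
}
// Returns the plaintext, or null when the tag does not verify.
function aeadOpen(key, { nonce, ct, tag }) {
  const d = crypto.createDecipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  d.setAuthTag(tag);
  try {
    return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
  } catch (e) {
    return null; // final() throws if ciphertext or tag was altered
  }
}

// Return a copy of buf with the lowest bit of its first byte flipped.
function flipFirstBit(buf) {
  const out = Buffer.from(buf);
  out[0] ^= 0x01;
  return out;
}

function demo() {
  const key = crypto.randomBytes(32);
  const msg = 'https://a.test'; // constructed sample, shorter than one AES block
  const cbc = cbcSeal(key, msg);
  const aead = aeadSeal(key, msg);
  return {
    // CBC: a changed IV byte silently changes the first plaintext byte.
    cbcTampered: cbcOpen(key, { iv: flipFirstBit(cbc.iv), ct: cbc.ct }),
    // AEAD: a changed ciphertext byte fails tag verification.
    aeadTampered: aeadOpen(key, { ...aead, ct: flipFirstBit(aead.ct) }),
    aeadIntact: aeadOpen(key, aead),
  };
}
```

Calling `demo()` shows the CBC path returning an altered URL as if it were valid, which is the failure an authenticated API such as secretbox is designed to surface as an error.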

ajxchapman commented 3 years ago

crypto-js was not chosen for any good reason, other than providing a simple AES encryption / decryption interface, and at the time I was unaware of tweetnacl.

I will investigate and compare the two libraries and select the most suitable for this project.

Thanks for the suggestion