Major re-factoring, security by default additions and the addition of a full Jasmine test suite with ~95% code coverage.

[grempe]

Hi, here is a pretty major re-factoring and includes the addition of a full test suite. Some of the big-ticket items are (in no particular order):

0.2.0 (grempe : Pending)
[Enhancement] Extend the output of getConfig() to include the radix and maxShares properties.
[Security] Zero-pad all secrets in multiples of 128 bits (instead of 0) by default.
[Performance] Massive (100x) speed optimization to padLeft() private function (the second most frequently called block of code internally).
[Testing] Added a full jasmine test suite and Karma test runner. Karma runs will also generate code coverage HTML reports. Code coverage is currently >90%.
[Testing] Expose all private functions as Underscore (_) prefixed functions to allow direct unit testing.
[Security] Removed Math.random fallback random number generator. Should always fail safe, even if it means not working. secrets.getConfig().unsafePRNG will always result in undefined now as it is no longer ever set.
Refactored away need to know anything about global var.
[Testing] jslint.com, jshint.com, and eslint CLI warnings for code and style now clean.
Beautify code.

This should be 100% backwards compatible with the original share format and the public API. The driving force was to have a tested version of the module, and to make some changes the lean towards security by default instead of as an extra action that the developer has to understand and implement (e.g. no fallback to insecure Math.random, and automatic zero-padding.) This was also a good way for me to more fully understand the code before relying on it from a security standpoint. I'd be really pleased if you would pull this in to the mainstream repo. It would also be great if the bower registration held by @theorm were transferred to you now that a bower.json file is included. I bumped the version to 0.2.0. Its may not need to be a major semver release (e.g. 1.0.0) since the API is still the same.

I added some items for consideration in the README which would require a share format change. The two most important ideas are to add a checksum to the share, and to remove the ID from the public share. This seems to me like an information leakage since it provides info about how many shares were originally generated which could be useful to an attacker or an imposter.

I am using secrets.js in a side-project I am working on now and the cleanup was helpful to me. I hope you and others find it useful as well. Of course I am open to comments or concerns.

Cheers,

Glenn

[grempe]

FYI, I have registered my enhanced fork of this project at bower.io so it can be installed. The package name there is 'secrets.js-grempe' and the version # is 0.2.0.

Please feel free to use that version if the original author chooses not to accept my (admittedly large) pull request.

Registration info:

~/src/secrets.js (master ✗)$ bower info secrets.js-grempe
bower secrets.js-grempe#*       cached git://github.com/grempe/secrets.js.git#0.2.0
bower secrets.js-grempe#*     validate 0.2.0 against git://github.com/grempe/secrets.js.git#*

{
  name: 'secrets.js-grempe',
  main: 'secrets.js',
  version: '0.2.0',
  homepage: 'https://github.com/grempe/secrets.js',
  authors: [
    'Alexander Stetsyuk <alexstets@gmail.com>',
    'Glenn Rempe <glenn@rempe.us>'
  ],
  description: 'Shamir\'s threshold secret sharing scheme for javascript.',
  keywords: [
    'secret',
    'sharing',
    'shamir'
  ],
  license: 'MIT',
  ignore: [
    '**/.*',
    'node_modules',
    'bower_components',
    'spec'
  ]
}

Available versions:
  - 0.2.0
You can request info for a specific version with 'bower info secrets.js-grempe#<version>'
~/src/secrets.js (master ✗)$ bower search secrets
Search results:

    secrets.js git://github.com/theorm/secrets.js.git
    secrets.js-grempe git://github.com/grempe/secrets.js.git
~/src/secrets.js (master ✗)$