martindale
commented
9 years ago +1, have reviewed. This looks great. Solid ACK from me.
Closed xcthulhu closed 8 years ago
martindale
commented
9 years ago +1, have reviewed. This looks great. Solid ACK from me.
braydonf
commented
9 years ago I think this would be a good time to switch to using the optimized Node.js crypto library for the sha256 function, similar to bitcore, and send it a Buffer. If the data argument isn't a buffer, the type would default to utf-8 with new Buffer(data, 'utf-8').
Also as mentioned in https://github.com/bitpay/bitauth/issues/44 we can include browser builds in tagged releases (not in master), however can fix this is a separate pull request that updates the release process.
Edit: Both ripemd and sha256 hash functions can use the Node.js crypto library both of which will browserify. However, we'll need to use the name rmd160 and not ripemd160 for it to browserify.
xcthulhu
commented
9 years ago Does new Buffer(data, 'utf-8') handle surrogate pairs correctly?
Google closure's goog.crypt.stringToUtf8ByteArray does not, although it looks like this blog post here has a work-around: http://jonisalonen.com/2012/from-utf-16-to-utf-8-in-javascript/
As you know I have a port of BitAuth to the JVM in clojure here: https://github.com/xcthulhu/clj-bitauth
My tests are written in an isomorphic fashion where they compile to both Java byte code and javascript, and right now all my tests are passing and I have perfect feature parity.
This is currently working with my stack to be honest, but I'm willing to change my upstream code if javascript's new Buffer(data, 'utf-8') reliably agrees with java's data.getBytes("UTF-8").
The core module now handles signing Unicode payloads in a platform independent way. I have tested my changes both in the mocha tests here and also in a Clojure/JVM port of bitauth I have authored here: https://github.com/xcthulhu/clj-bitauth/blob/utf-16/test/bitauth/core_test.cljc#L95
I also fixed the
make_dist.shscript, and put the browser bundles back in thedistdirectory as per a request by @crisptrutski, the CLJSJS maintainer in a discussion I had with him here: https://github.com/cljsjs/packages/pull/223TODO:
bitauth.encryptandbitauth.decryptdon't handle unicode in a platform independent mannerbitauth.encryptandbitauth.decryptwould be nice, rather than just elementary passwords, as I discuss in https://github.com/bitpay/bitauth/issues/38I'm using BitAuth as my security layer for my own project. I had admittedly invented a similar protocol while I was doing contract work for Ethereum, and I figured since you guys already had an effort I would build off of this.
If you guys want, I would love to build on the BitAuth standard and make pull requests upstream as my design requirements dictate I make extensions.