search

jedisct1 / libsodium.js

libsodium compiled to Webassembly and pure JavaScript, with convenient wrappers.
Other
968 stars 138 forks source link

sodium.crypto_pwhash_SALTBYTES is undefined. Doesn't appear to be set in repo... #326

Closed MichaelJCole closed 10 months ago

MichaelJCole commented 10 months ago

Here's a git repo to reproduce: https://github.com/MichaelJCole/libsodium-issue

It's undefined when I'm using it in my typescript project:

import sodium from 'libsodium-wrappers'

console.log(
  'browserSizedHash',
  sodium.crypto_pwhash_SALTBYTES
)

outputs:

browserSizedHash undefined

Typescript will autocomplete the property name, but the value doesn't appear to be assigned in the libsodium repo:

https://github.com/search?q=repo%3Ajedisct1%2Flibsodium.js+crypto_pwhash_SALTBYTES&type=code

These constants are also undefined, am I missing something? Thank you!

    sodium.crypto_pwhash_SALTBYTES,
    sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE,
    sodium.crypto_pwhash_MEMLIMIT_MODERATE,
    sodium.crypto_pwhash_ALG_ARGON2ID13

Here are the versions I'm using:

 "dependencies": {
    "libsodium-wrappers": "^0.7.13",
  },
  "devDependencies": {
    "@types/libsodium-wrappers": "^0.7.12",

I can't install matching versions of the types and lib:

> $ npm install                                                                                                                                          ⬡ 18.18.0 [±dev ●●]
npm ERR! code ETARGET
npm ERR! notarget No matching version found for libsodium-wrappers@0.7.12.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.

> $ npm install                                                                                                                                          ⬡ 18.18.0 [±dev ●●]
npm ERR! code ETARGET
npm ERR! notarget No matching version found for @types/libsodium-wrappers@0.7.13.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.
jedisct1 commented 10 months ago

Looks like crypto_pwhash_* is only is the sumo version.

MichaelJCole commented 10 months ago

@jedisct1 Aha! Got it.

I'm looking for an isomorphic Argon2 implementation so node and browser can hash to the same id.

libsodium-wrapper looks promising, but I got the impression the sumo version was experimental, unstable, and/or included dangerous stuff.

Is there a specific reason Argon2 isn't in the regular version?

Thank you

jedisct1 commented 10 months ago

sumo is exactly the same as the regular version, with additional functions included.

The password hashing functions require a lot of memory that has to be preallocated. So, if you're not using them, this is a waste of memory. This is why they are not in the regular version.

MichaelJCole commented 10 months ago

@jedisct1 Got it, thank you