mirek / node-json-hash

JSON hash

[1.1.0] default to or export internal crypto! #3

Open clintwood opened 8 years ago

clintwood commented 8 years ago

The readme says the internal JavaScript crypto implementation is used by default, but this is not the case. Also, the internal crypto is not exported, so there is no way to configure the library to use the internal crypto.

Ideally, to ensure the same resultant hash of identical objects both client side (browser) and server side (node), the internal crypto needs to be exported or used by default.

[edit] BTW Thanks for this :+1:

mirek commented 8 years ago

It's true that nodejs crypto is used as default and the internal one is not exported.

I left the internal implementation unfinished in this state. The real sin is stating in the readme that the internal one is used, which is not true.

Thanks for spotting it. I'll try to sort it out asap.

But internal and nodejs crypto's sha1 will produce the same hashes - this will be covered by tests. For other hash functions the internal one should throw for now.

I'm actually not sure what's the best way of arranging it. Is keeping the internal sha1 implementation the best way to do it? Maybe it's better to allow browser shims? The reason it's internal is because the crypto shim is massive and we just need a few lines of sha1 for this library to work. This probably covers most use cases and it's light. This should be the default browser behaviour. But the default behaviour in a nodejs context should be to use the much faster nodejs crypto implementation.

I'll have a think about it, maybe you have some ideas?

clintwood commented 8 years ago

@mirek, I did notice that the result was the same after manually changing the node version to use the internal crypto implementation, but wasn't sure if my test/hack case would cover all scenarios.

In terms of how to structure this I'm not sure, but I think a key use case is that it generates the same hashes in the browser and node. Since the web platform seems to be well committed to providing a Web Crypto API (see here & here), I assume a shim will only be an interim necessity! So maybe either recommend a browser-based sha1 shim and give an example of how to hook this up in the browser, or export your sha1 (crypto) shim as an ES2015 module such that when/if bundling it can be eliminated during tree-shaking!
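
The parity check discussed in this thread (a few lines of dependency-free SHA-1 agreeing with Node's crypto), as an added example that is not part of the thread or the library's own code. The names `canonicalize`, `sha1Node`, `sha1Portable` and `hashesAgree` are hypothetical, and the sorted-key serialization is an assumed canonical form, not json-hash's actual algorithm.

```javascript
const { createHash } = require('crypto');
// Assumed canonical form: object keys sorted recursively, so key order never changes the hash.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Server-side digest: Node's built-in crypto.
const sha1Node = (text) => createHash('sha1').update(text, 'utf8').digest('hex');

// Browser-style digest: dependency-free SHA-1 over the UTF-8 bytes of the text.
function sha1Portable(text) {
  const msg = new TextEncoder().encode(text);
  const total = (((msg.length + 8) >> 6) << 6) + 64; // room for 0x80 + 64-bit length
  const buf = new Uint8Array(total);
  buf.set(msg);
  buf[msg.length] = 0x80;
  const view = new DataView(buf.buffer);
  view.setUint32(total - 8, Math.floor(msg.length / 0x20000000)); // high 32 bits of bit length
  view.setUint32(total - 4, (msg.length * 8) >>> 0);              // low 32 bits of bit length
  const h = [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0];
  const w = new Uint32Array(80);
  const rotl = (x, n) => (x << n) | (x >>> (32 - n));
  for (let off = 0; off < total; off += 64) {
    for (let i = 0; i < 16; i++) w[i] = view.getUint32(off + i * 4);
    for (let i = 16; i < 80; i++) w[i] = rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
    let [a, b, c, d, e] = h;
    for (let i = 0; i < 80; i++) {
      const [f, k] = i < 20 ? [(b & c) | (~b & d), 0x5a827999]
        : i < 40 ? [b ^ c ^ d, 0x6ed9eba1]
        : i < 60 ? [(b & c) | (b & d) | (c & d), 0x8f1bbcdc]
        : [b ^ c ^ d, 0xca62c1d6];
      const t = (rotl(a, 5) + f + e + k + w[i]) | 0;
      [e, d, c, b, a] = [d, c, rotl(b, 30), a, t];
    }
    [a, b, c, d, e].forEach((x, i) => { h[i] = (h[i] + x) | 0; });
  }
  return h.map((x) => (x >>> 0).toString(16).padStart(8, '0')).join('');
}

// Parity check: both backends must agree on the canonical text of a value.
function hashesAgree(value) {
  return sha1Portable(canonicalize(value)) === sha1Node(canonicalize(value));
}
```

A test suite for such a library would run `hashesAgree` over inputs whose canonical text crosses the 55/56-byte padding boundary and contains non-ASCII characters, since those are where a hand-written SHA-1 most often diverges from the native one.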