Closed fyears closed 5 months ago
paulmillr
commented
5 months ago If you want to use webcrypto, why are you using noble?
webcrypto api is adopted everywhere
This is not true. Many environments don’t have webcrypto. For example, React Native.
fyears
commented
5 months ago because noble has consistent and simple api while webcrypto is kind of a little complex
paulmillr
commented
5 months ago Good point. It may be considered in the future, once webcrypto gains more features and adoption.
As for pbkdf2: noble is slower, but not 10x slower - still usable.
imcotton
commented
5 months ago Many environments don’t have webcrypto. For example, React Native.
Another aspect: WebCrypto is restricted to secure contexts (HTTPS), which might not always be practical in home-lab, IoT, and local-first setups.
fyears
commented
5 months ago but i notice noble cipers has separate webcrypto aes part. maybe we can consider the same thing on noble hash.
paulmillr
commented
5 months ago From performance standpoint, it only makes sense to have it for PBKDF2:
Keep in mind that pbkdf2 is not recommended (use argon2id instead).
I love noble packages' api for their simplicity. But while I am using sha256 and pbkdf2, I notice that the source is self-implemented, not using webcrypto primitives.
Right now (May 2024), webcrypto api is adopted everywhere, especially both in browser and nodejs. Would you like to build the api based on webcrypto primitives? I am concerning the speed, and obviously using native webcrypto should be much faster than a pure js implementation.
Thanks!