ricmoo / scrypt-js

Pure JavaScript implementation of the scrypt password-based key derivation function.
http://ricmoo.github.io/scrypt-js/
MIT License
141 stars 26 forks source link

Evaluate usage of the WebCrypto API in order to speed up the computation #9

Open evilaliv3 opened 8 years ago

evilaliv3 commented 8 years ago

It would be interesting to evaluate usage of the WebCrypto API in order to speed up the computation.

Here is the possible cross compatible way of using the SHA implemented using web workers: https://github.com/globaleaks/GlobaLeaks/blob/master/client/app/js/crypto/main.js#L48

the example takes into account the difference of API implemented by the great and inimitable Internet Explorer.

This would make the library more secure, modern and efficient.

ricmoo commented 4 years ago

Sorry, that page seems dead now. It took me far too long to get to catching up on issues with this repo.

I am trying to avoid external dependencies in this library though. I am considering forking it into my ethers library though, since it would be nice to consolidate the various SHA2 implementations that end up getting swept along, and that way it can easily use the best SHA2 and PBKDF2 implementations available.

ricmoo commented 4 years ago

Wow... Just noticed this was opened 2016. I'm way behind schedule.

webmaster128 commented 4 years ago

As far as I can see at https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto#Using_SubtleCrypto (scroll down a little to the table), there is no scrypt support in the WebCrypto API.

webmaster128 commented 4 years ago

I tried replacing PBKDF2_HMAC_SHA256_OneIter with a WebCrypto implementation in https://github.com/ricmoo/scrypt-js/pull/26. It seems to work in Chrome but does not help performance.

ryancdotorg commented 3 years ago

The PBKDF2/SHA2 functions are only called a small number of times at the start and end of the scrypt algorithm, and likely aren't worth optimizing (for speed, anyway). The PBKDF2 implementation in my fork is a lot faster for large outputs, but it doesn't matter for typical scrypt parameters.