simbo1905 / thinbus-srp-npm

This package provides a JavaScript Secure Remote Password (SRP) SRP6a implementation for web browsers to perform a zero-knowledge proof-of-password to a web server.

rationalise the two clients #7

Closed simbo1905 closed 1 year ago

simbo1905 commented 6 years ago

Browserify applied to client.js created a >600k file. Browserify applied to the original thinbus js from the Java project creates a 28k file. Rather than try to optimise client.js (which is actually just the original thinbus js with canonical npm dependencies), the original is shipped as an additional client version in browser.js.

This ticket is the task to rationalise down to one client version of a reasonable size. Issue #3 is to rewrite this codebase to be TypeScript and in a more functional programming style. At which point the plan is to make client.ts the one true client and fiddle around with browserify to get it to generate a small browser-friendly UMD client.js.

simbo1905 commented 6 years ago

Looks like the problem is that require('random-strings') does require('crypto') which is over 600k in size. It only uses:

```javascript
randomBytes = new Buffer(0);
while (randomBytes.length < maxLength) {
  readBytes = crypto.pseudoRandomBytes(maxLength - randomBytes.length);
  randomBytes = Buffer.concat([randomBytes, readBytes]);
}
```

So we simply need to polyfill crypto.pseudoRandomBytes.

simbo1905 commented 1 year ago

Okay, I am not going to fix this, as it is six years old and browsers have great support for crypto.pseudoRandomBytes as shown at Web_Crypto_API
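
The polyfill idea discussed in this thread, as an added example that is not code from the issue or from the thinbus project: a small stand-in for `crypto.pseudoRandomBytes` built on the Web Crypto `crypto.getRandomValues` call (a cryptographically strong source), so a bundle does not need the Node `crypto` shim. The names `webCrypto`, `MAX_CHUNK`, `pseudoRandomBytes` and `readRandom`, and the use of `Uint8Array` in place of `Buffer`, are assumptions of this example.

```javascript
// Added example: browser stand-in for crypto.pseudoRandomBytes (names are hypothetical).

// Browsers and recent Node expose Web Crypto as globalThis.crypto; older Node
// only offers it as require('crypto').webcrypto.
const webCrypto =
  (typeof globalThis.crypto !== 'undefined' && globalThis.crypto.getRandomValues)
    ? globalThis.crypto
    : require('crypto').webcrypto;

// getRandomValues() throws QuotaExceededError when asked for more than 65536 bytes.
const MAX_CHUNK = 65536;

function pseudoRandomBytes(size) {
  if (!Number.isInteger(size) || size < 0) {
    throw new RangeError('size must be a non-negative integer');
  }
  const out = new Uint8Array(size);
  for (let offset = 0; offset < size; offset += MAX_CHUNK) {
    // subarray() is a view on the same memory, so this fills `out` in place.
    const end = Math.min(offset + MAX_CHUNK, size);
    webCrypto.getRandomValues(out.subarray(offset, end));
  }
  return out;
}

// The accumulate-until-full loop quoted in the issue, with Uint8Array
// concatenation replacing Buffer.concat.
function readRandom(maxLength) {
  let randomBytes = new Uint8Array(0);
  while (randomBytes.length < maxLength) {
    const readBytes = pseudoRandomBytes(maxLength - randomBytes.length);
    const joined = new Uint8Array(randomBytes.length + readBytes.length);
    joined.set(randomBytes, 0);
    joined.set(readBytes, randomBytes.length);
    randomBytes = joined;
  }
  return randomBytes;
}
```
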