Open lhalcyon opened 6 years ago
Oh wow, that's indeed terrible. I'll take a look at this. Does this only affect keystores or is the rest of this library similarily slow?
only test keystore yet
@simolus3 This is because that the scrpyt lib in pointcastle does not support very well In the Wallet.dart, var derivator = new _ScryptKeyDerivator(32, 8192, 8, 1, salt),using these parameters to crypt password, it will costs 2 seconds to decrypt. However, it only costs less then 200 milliseconds theoretically. https://stackoverflow.com/questions/11126315/what-are-optimal-scrypt-work-factors
In the current version of the library, one can change the value of 8192
for the work factor when creating a new wallet via the scryptN
parameter of Wallet.createNew
. You can thus reduce it, if needed.
But the encryption being so slow is arguably a problem of Dart in general. You can reduce the work factor to make the encryption reasonably fast in Dart, but it would be easier to brute-force in languages with a faster implementation (although brute-forcing it would still take ages). In fact, the default value of 2¹³
which takes so long is well below the recommended factor from that page for interactive usage. For sensitive storage, which an Ethereum wallet obviously is, it would take forever to decrypt the wallet in Dart.
There is not much I can do about the performance about the used libraries, sadly :disappointed:
suggestion: use dart:isolate when doing the encrypt/decrypt job.
I suggest that we can use native token sdk to develop wallet just like imToken does. After all , the native library performs better than dart does :) . imToken 's native Android & iOS SDK address: token-core-android token-core-ios
And I 've developed a flutter package integrated with the token core libs above . token_core_plugin , I'm glad to hear advices from you :) .
Nice library! I can't let web3dart depend on Flutter plugins because it also supports other platforms (web and server), but I'll try to add an API so that 3rd-party wallet implementations can be used together with web3dart.
I just published a new version, 1.0.0-rc.0
, which can already delegate some work (signing transactions) to a background isolate, but not yet wallets. I'll try to implement isolate-ready isolates soon, but the api is going to change a bit (will be asynchronous).
But 1.0.0 also lets you integrate third-party wallet libraries into web3dart
by implementing the Credentials
class. You would have to override extractAddress()
and signToSignature()
which both will be used by this library. When using @lhalcyon's library, one could also use await web3client.credentialsFromPrivateKey(await TokenCorePlugin.exportPrivateKey(...))
instead of using wallets directly.
I 've made a simple demo to test the cost on 2 platforms.The result follows: 2m15s on iOS device, 45s on Android device . not feel good :(