tekartik / sembast.dart

Simple io database
BSD 2-Clause "Simplified" License
780 stars, 64 forks

Add warning to the encryption example file #339

Closed timshadel closed 8 months ago

timshadel commented 1 year ago

This is an excellent demonstration on how to bring encryption to sembast, but it is an entirely insecure implementation. The encryption is unauthenticated, the password conversion to bytes is massively underpowered (password hashes like bcyrpt, scrypt, argon2id, and pbkdf2 are some examples of correct algorithms), and the random bytes generator doesn't use a cryptographically secure source of randomness. I don't think that you should actually supply a production-ready version of encryption. But this is enough to help anyone see how the pieces should work.

alextekartik commented 1 year ago

Thanks for looking at this. Do you have a suggestion (in code) for a better password generation ?

neiljaywarner commented 8 months ago

@timshadel @timshadel what if you change this from "/// FOR DEMONSTRATION PURPOSES ONLY -- THIS IMPLEMENTATION IS INSECURE!" to "/// FOR DEMONSTRATION PURPOSES ONLY -- do not use in production as-is!" or something, and perhaps making an issue for this.

PRs being left open a long time contribute to an overall feeling that a package is not well maintained. I get it, there's a reason on this one, it's just free advice. Thank you

alextekartik commented 8 months ago

Yes I kind of left this on the side because I wanted to properly explain why this is insecure - sorry I'm not an expert in crypto. Will merge and add some notes. Thanks

neiljaywarner commented 8 months ago

Totally understandable. Thanks for the response


alextekartik commented 8 months ago

@timshadel @neiljaywarner I have added some notes based on the original comment of the PR, see https://github.com/tekartik/sembast.dart/commit/5b02bf2d6e291b1a3e8405be2e9ab7949427b24f

I hope you're ok with the notice. Thanks!