Comments (26)
Web Crypto has incompatible apis but my native crypto module is in a working state
from crypto-browserify.
@lukechilds there also can be issue in message size which you hashing, if you try calculate hash for few megabytes I think numbers will be much different
from crypto-browserify.
@lukechilds this project is meant to be a shim for the node crypto api but usable in browserifiable code (or webpack) we are thus constrained by the api of node and when possible (like with pbkdf2) we do use web crypto but for most of the time we can't.
That being said what you are saying is 100% true and I actually wrote a different module that tried to expose a single interface that used the best primitives in the browser or node.
from crypto-browserify.
This is ridiculous! the native should be ~20 times faster! at the very least 10x faster! I modified those tests to find wether webcrypto was faster... and at 10k input size, it is faster, but only 30% faster.
That we are within this range, just shows that a centralized committee really can't develop nice things. This isn't the first example when user space was better than a web browser core thing https://softwareengineering.stackexchange.com/questions/278778/why-are-native-es6-promises-slower-and-more-memory-intensive-than-bluebird
I would wager that a web assembly implementation could easily beat webcrypto across the board, at any input size.
from crypto-browserify.
@dominictarr you may find this interesting: https://blog.bitjson.com/just-released-sha-256-sha-512-sha-1-and-ripemd-160-using-webassembly-6179275330c0
from crypto-browserify.
Yes we have, and its implemented in the random number generator when it exists, but as of now its not reached maturity and is only in leading-edge builds of most browsers. As Mozilla and Google (and I suppose Microsoft in a few years) add support for other functions that getRandomBytes
then we can start backing certain functions with the CryptoAPI.
from crypto-browserify.
yeah. we need crypto before that comes out
(also it's hella weird and complicated compared to node's crypto,
which to be honest, is what you come to expect with standards bodies)
but when it does come out, it will probably be more optimized that any thing
we can implement with pure js, (although, maybe asm.js can help here)
So, certainly falling back to web crypto api where it's available would be a natural move.
Yes, so I'll be sure to get in touch! I think the most important thing is a to enable streaming.
(which I noticed in the spec parts where on hold, awaiting progress on the spec for streams)
from crypto-browserify.
I agree with you comments, and myself mostly think of its performance once implemented in browsers!
I guess other people may wonder about it as well, what do you think about adding small paragraph mentioning it to README?
from crypto-browserify.
That is a good idea.
crypto-browserify has gotten a lot more serious recently. I should update the readme.
from crypto-browserify.
Seems like the way to go is implementing node crypto api using current javascript libraries doing the implementation (like crypto-js or sjcl).
This way we can use a nice api now, with solid implementations, and as soon as native implementation is available in browsers we can use it.
from crypto-browserify.
Just FYI: Web Crypto API is shipping enabled by default in Chrome M37. https://code.google.com/p/chromium/issues/detail?id=245025#c280
from crypto-browserify.
http://www.w3.org/TR/WebCryptoAPI/ W3C Last Call Working Draft 25 March 2014
If you have any feedback on this spec I recommend submitting it ASAP!
from crypto-browserify.
+1 for using these native algorithms where available, unless it will make it slower :)
from crypto-browserify.
the web crypto api is entirely async which means it's only really practical for pbkdf2
from crypto-browserify.
for the streaming apis you could probably make something that still worked, as long as you used them as streams.
from crypto-browserify.
or, to create a fresh polyfil.
that would probably be good anyway, if you wanted to use libsodium instead of openssl etc
from crypto-browserify.
The problem is with the sync update method of you didn't need to support
that...
On Thu, Dec 18, 2014, 6:23 PM Dominic Tarr [email protected] wrote:
or, to create a fresh polyfil.
that would probably be good anyway, if you wanted to use libsodium instead
of openssl etc—
Reply to this email directly or view it on GitHub
#32 (comment)
.
from crypto-browserify.
yeah, it would be annoying to make every hash need to be async... but I guess unless we can persuade w3c to give us a sync api then that is the choice we have. it would be better to use hardened crypto in the browsers than a js polyfil if possible.
from crypto-browserify.
so basically what we'd want for this would be crypto-browserifiable, an api that uses the most secure/fastest implementation no matter what the platform is
from crypto-browserify.
so I have finally started work on a browserifiable crypto library that uses the native apis in both node and the browser https://github.com/calvinmetcalf/native-crypto
from crypto-browserify.
👍 ping @KAepora
from crypto-browserify.
Is there any activity on this front?
from crypto-browserify.
Noted, thanks
from crypto-browserify.
Sorry to revive an old issue but I thought anyone who ends up here via Google may find this interesting.
I was interested how the perf of Web Crypto hashing would stack up against pure JS implementations.
Tested in a loop, hashing with the Web Crypto API is about 95% slower than just using a pure JS implementation.
https://jsperf.com/sha256-native-vs-js/1
That might well be largely due to the async overhead, if you're hashing a single huge file you might get better results using the async Web Crypto API.
But these results are very relevant to proof-of-work style use cases.
from crypto-browserify.
@calvinmetcalf yep completely understand and agree.
To clarify I wasn't advocating for the use of Web Crypto in crypto-browserify
, just seemed like people in this issue assumed Web Crypto should be used because it's native and will therefore be faster (I made the same assumption). Just wanted to show that for many use cases that isn't necessarily the case.
from crypto-browserify.
So since the spec has been largely implemented in this module, can this issue be closed?
from crypto-browserify.
Related Issues (20)
- [Security] update browserify-sign to the latest HOT 3
- the argument to define auth tag length in crypto.createDecipheriv cannot work HOT 1
- generateKeyPair (Sync) missing HOT 3
- Special characters in encryption key - different output
- Add a quickstart guide to documentation HOT 1
- Add support for SHA3
- Usage without polyfills HOT 6
- Missing crypto.randomUUID HOT 1
- Missing crypto.getRandomValues
- typescript support HOT 5
- Module not found error while building react app on Ubuntu HOT 8
- Crypto Module not found
- Is there a reason crypto.subtle is missing in most polyfills including this one? HOT 1
- when using pbkdf2Sync with rollup getting createhmac is not a function
- Is this package safe to use in 2023? HOT 1
- feat: crypto.randomInt([min, ]max[, callback])
- Homepage in package.json is wrong (error 404) HOT 1
- Status of this project HOT 1
- Performance issue when running standalone HOT 8
- randomBytes is required from randombytes which requires from crypto HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crypto-browserify.