argon2-browser
clients
argon2-browser | clients | |
---|---|---|
5 | 183 | |
349 | 8,299 | |
- | 1.5% | |
0.0 | 10.0 | |
about 1 year ago | 5 days ago | |
JavaScript | TypeScript | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
argon2-browser
-
Argon2 is live
It works by the way on CLI and mobile, and mobile is especially slow on some low-end android devices. It *should* also be possible to make parallelism work for the WebAssembly version, but for some reason the issues with threading were never ironed out. I'm not sure whether it's worth investigating that, or to just add SIMD support where possible, and wait for webcrypto to add argon2.
-
The quest for a family-friendly password manager
> So a project like this? https://github.com/antelle/argon2-browser
Notice how they don't provide any benchmarks that aren't Native or WASM?
https://soatok.blog/2022/12/29/what-we-do-in-the-etc-shadow-...
This doesn't help iOS users in Lockdown mode. It may also break for users who run their OS in FIPS mode.
-
How would I hash passwords on the client side with JS
Ideally I'd like to use something like of argon2 to derive my key because that's the de facto best algorithm for the purpose. There are a few WASM ports of it but they don't seem maintained and they don't play nice with the bundler I'm using.
-
How did LastPass master passwords get compromised?
> is there really fast enough implementations available to the browser
Browsers have pretty good support for surfacing native code SHA family hash functions which you can use to speed up PBKDF2. It's called the Web Crypto API and it's available even in Internet Explorer 11. [1]
If you're willing to drop support for IE11 and older phones like the iPhone 4S, then you get access to WebAssembly. With WASM you can get a bunch of custom algorithms to be quite fast. The Argon2 browser WASM library claims to be only about 10x slower than optimized native code. [2]
It's not perfect, but it isn't as bad as it used to be with just pure JavaScript.
--
[1] https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_...
[2] https://github.com/antelle/argon2-browser
clients
-
Insult Passphrase Generator
I didn't go chasing through all the typescript but I'd presume adding a new PassphraseGenerationStrategy https://github.com/bitwarden/clients/blob/desktop-v2024.3.0/...
-
Bitwarden Broken in Linux
Breaking: Open Source software have BUGS!
https://github.com/bitwarden/clients/issues/6560#issuecommen...
-
Any update on importing Proton Pass .json/.zip into Bitwarden?
Bug fix for this has been merged last week. It is not in 2023.10 though, so you will have to wait for the next release of the web vault.
-
Bitwarden Adds Support for Passkeys
It's definitely out (https://github.com/bitwarden/clients/releases/tag/browser-v2... just looks like browsers haven't approved it yet.
-
Genetics firm 23andMe says user data stolen in credential stuffing attack
I'm not sure about any specifics beyond that both are getting support for them (for the keepass ecosystem I'm sure about other mobile clients, but I don't think the feature request to support passkeys has been acknowledged by the keepass2android dev sadly). Here's the keepassxc PR with some details about the implementation, and what should be done in future work on passkey support: https://github.com/keepassxreboot/keepassxc/pull/8825
Bitwarden has a few blogs if you search for bitwarden passkeys, but from skimming one it didn't seem to go into technical details (though I didn't watch the videos). I guess you could look through the PRs: https://github.com/bitwarden/clients/pulls?q=is%3Apr+passkey... but I don't really feel like doing that.
- Bitwarden: Free, open-source password manager
-
Is it really legit?
Bitwarden has regular external audits (here is the 2022 audit) and the code (both server side and client side) is open source (here f.e).
-
Bitwarden Secrets Manager now generally available
/bitwarden_license directory
Now the secret manager is in the `bitwarden_license` directory so it is not a GPL covered product and not open source but covered by BITWARDEN LICENSE AGREEMENT [3]. It does not allow you to use it as OSS.
[1] https://github.com/bitwarden/clients/tree/master/bitwarden_l...
- Bitwarden autofill login is awful.
-
My Extension is not acting right, can't get into my Vault
There are apparently known problems (GitHub Issues #5807) in both Edge and FireFox with this newly released browser extension update (2023.7.0), which should hopefully be fixed soon. In the meantime, on Edge, you can revert to version 2023.5.1 for Chromium, which is still available from the Google Chrome store:
What are some alternatives?
xxhash-wasm - A WebAssembly implementation of xxHash
vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
opaque-ke - An implementation of the OPAQUE password-authenticated key exchange protocol
gnome-clipboard-history - Gnome Clipboard History is a clipboard manager Gnome extension that saves what you've copied into an easily accessible, searchable history panel.
telegram-react - Experimental Telegram web client with tdlib, webassembly and react js under the hood
bw_web_builds - Web vault builds for vaultwarden
noble-hashes - Audited & minimal JS implementation of hash functions, MACs and KDFs.
link-preview-js - Parse and/or extract web links meta information: title, description, images, videos, etc. [via OpenGraph], runs on mobiles and node.
draft-irtf-cfrg-opaque - The OPAQUE Asymmetric PAKE Protocol
Ditto - Ditto is an extension to the Windows Clipboard. You copy something to the Clipboard and Ditto takes what you copied and stores it in a database to retrieve at a later time.
pass-import - A pass extension for importing data from most existing password managers
bitwarden - Bitwarden client applications (web, browser extension, desktop, and cli) [Moved to: https://github.com/bitwarden/clients]