noble-hashes
argon2-browser
Our great sponsors
| noble-hashes | argon2-browser | |
|---|---|---|
| 2 | 5 | |
| 470 | 349 | |
| - | - | |
| 8.5 | 0.0 | |
| about 1 month ago | about 1 year ago | |
| JavaScript | JavaScript | |
| MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
noble-hashes
argon2-browser
-
Argon2 is live
It works by the way on CLI and mobile, and mobile is especially slow on some low-end android devices. It *should* also be possible to make parallelism work for the WebAssembly version, but for some reason the issues with threading were never ironed out. I'm not sure whether it's worth investigating that, or to just add SIMD support where possible, and wait for webcrypto to add argon2.
-
The quest for a family-friendly password manager
> So a project like this? https://github.com/antelle/argon2-browser
Notice how they don't provide any benchmarks that aren't Native or WASM?
https://soatok.blog/2022/12/29/what-we-do-in-the-etc-shadow-...
This doesn't help iOS users in Lockdown mode. It may also break for users who run their OS in FIPS mode.
-
How would I hash passwords on the client side with JS
Ideally I'd like to use something like of argon2 to derive my key because that's the de facto best algorithm for the purpose. There are a few WASM ports of it but they don't seem maintained and they don't play nice with the bundler I'm using.
-
How did LastPass master passwords get compromised?
> is there really fast enough implementations available to the browser
Browsers have pretty good support for surfacing native code SHA family hash functions which you can use to speed up PBKDF2. It's called the Web Crypto API and it's available even in Internet Explorer 11. [1]
If you're willing to drop support for IE11 and older phones like the iPhone 4S, then you get access to WebAssembly. With WASM you can get a bunch of custom algorithms to be quite fast. The Argon2 browser WASM library claims to be only about 10x slower than optimized native code. [2]
It's not perfect, but it isn't as bad as it used to be with just pure JavaScript.
--
[1] https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_...
[2] https://github.com/antelle/argon2-browser
What are some alternatives?
crypto-js - JavaScript library of crypto standards.
xxhash-wasm - A WebAssembly implementation of xxHash
DeadHash-js - DeadHash - JS version
opaque-ke - An implementation of the OPAQUE password-authenticated key exchange protocol
hash-library - Portable C++ hashing library
telegram-react - Experimental Telegram web client with tdlib, webassembly and react js under the hood
JeChain - JeChain decentralized application platform and smart contract blockchain network
draft-irtf-cfrg-opaque - The OPAQUE Asymmetric PAKE Protocol
nodejs-hashing - There is a class in the crypto module called Hash that we are going to use in the example.
pass-import - A pass extension for importing data from most existing password managers
yescrypt - Password-based key derivation function and password hashing scheme building upon scrypt
KeeWeb - Free cross-platform password manager compatible with KeePass