Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question: What is the difference between Libpasta and other hashing libraries? #2

Closed
roughpandaz opened this issue Dec 31, 2017 · 3 comments
Closed

Question: What is the difference between Libpasta and other hashing libraries? #2

roughpandaz opened this issue Dec 31, 2017 · 3 comments
Projects
v0.1

Comments

@roughpandaz
Copy link

@samscott89

Thank you for this package.

Questions:

  1. Why should someone use LibPasta over existing hashing libraries e.g bcrypt or in-built hash functions? (It would be great to include this in the website)
  2. Is there any way to run this in the browser? To perform hashing and to verify hashes locally without contacting a server?
@samscott89
Copy link
Member

Hi!
Thanks for the comment/interest/feedback! I think these are great questions, and addressing (1) in particular is definitely something I want to make more visible.

In the short-term:

  1. Choosing the correct hashing library is not realistic for the average developer, and can be quite intimidating. libpasta is aiming to make this simple by removing the need to choose the right algorithm and/or parameters. See here for some more information on what makes a "good" password hashing implementation. There are a lod of other nice features of libpasta, but for someone starting out with a new project, this is the key one.

  2. This might well be possible with the "wasm" target (some details here and here). I have been considering testing support for this anyway, but if you have a specific use case in mind that would be great?
    This would also lay a nice foundation for future work doing client-side hashing or even extending to more complex verification techniques such as PAKEs.

@avadacatavra avadacatavra mentioned this issue Jan 4, 2018
Open
@samscott89 samscott89 added this to To Do in v0.1 Jan 8, 2018
@roughpandaz
Copy link
Author

Thank you for the information!

One use cause for browser hashing would be to hash files on the browser. The idea is that when files are stored on decentralized file services such as IPFS, one can easily verify their integrity without needing to trust the hashes provided by the provider e.g an IPFS node.

@samscott89
Copy link
Member

Thanks again for raising this issue @RongxinZhang.
I've tried to address the comparison between libpasta and other options here. Let me know if this clarifies things!
I should additionally say, password hashing != hashing in general. I don't think use cases for hashing like IPFS are relevant here. See here for an introduction we have on password hashing theory.

@samscott89 samscott89 moved this from To Do to Done in v0.1 Feb 17, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
No open projects
v0.1
  
Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@roughpandaz @samscott89