You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Why should someone use LibPasta over existing hashing libraries e.g bcrypt or in-built hash functions? (It would be great to include this in the website)
Is there any way to run this in the browser? To perform hashing and to verify hashes locally without contacting a server?
The text was updated successfully, but these errors were encountered:
Hi!
Thanks for the comment/interest/feedback! I think these are great questions, and addressing (1) in particular is definitely something I want to make more visible.
In the short-term:
Choosing the correct hashing library is not realistic for the average developer, and can be quite intimidating. libpasta is aiming to make this simple by removing the need to choose the right algorithm and/or parameters. See here for some more information on what makes a "good" password hashing implementation. There are a lod of other nice features of libpasta, but for someone starting out with a new project, this is the key one.
This might well be possible with the "wasm" target (some details here and here). I have been considering testing support for this anyway, but if you have a specific use case in mind that would be great?
This would also lay a nice foundation for future work doing client-side hashing or even extending to more complex verification techniques such as PAKEs.
One use cause for browser hashing would be to hash files on the browser. The idea is that when files are stored on decentralized file services such as IPFS, one can easily verify their integrity without needing to trust the hashes provided by the provider e.g an IPFS node.
Thanks again for raising this issue @RongxinZhang.
I've tried to address the comparison between libpasta and other options here. Let me know if this clarifies things!
I should additionally say, password hashing != hashing in general. I don't think use cases for hashing like IPFS are relevant here. See here for an introduction we have on password hashing theory.
@samscott89
Thank you for this package.
Questions:
The text was updated successfully, but these errors were encountered: