Make wasm target #3
Comments
|
This definitely seems like a good/fun thing to try to support. Are you familiar with any other scenarios/applications though? As I said in the other thread, as far as I'm aware the two main things to support would be:
Client-side (partial-)hashing seems like a fairly incremental improvement, but support for PAKEs is potentially very cool. Any other examples? |
|
To be entirely honest, I think it would be useful to have a plug and play password handler that webapps can use so that you see a lot less plaintext storage. Passwords/hashes aren't necessarily my forte, so I'm not super aware of other interesting applications. I can think about it though |
|
Okay. I would expect most web apps to have some kind of backend to deal with user authentication, and supporting whatever languages those are written in is the raison d'etre of libpasta. I'm not familiar with any apps which do the password storage/auth in the app itself (i.e. client-side JS), but wouldn't be surprised either! |
|
Also, a quick attempt to wasm everything shows that ring is probably the hardest thing to deal with. cargon and fastpbkdf2 are also slightly awkward, but have adequate pure-rust alternatives. |
|
...calling developers who actually know how web apps are done... 😂 |
|
maybe a first pass should be trying to wasm-fy ring? |
|
Might actually justify bringing briansmith/ring#256 back from the dead. Because I am sure nobody wants to write the perl necessary to make the asm->wasm conversion happen! |
|
...i certainly don't |
|
After discussing with @RongxinZhang, there's a nice use case for client-side password hashing, involving encrypting/decrypting files based on a password. In which case, performance is going to be crucial, and wasm is highly desirable. |
See conversation here
It seems like libpasta could have some interesting use cases to make web password handling less terrible, so having a wasm target/example would be helpful
The text was updated successfully, but these errors were encountered: