Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Ability to use browser's native implementation

See original GitHub issue

With the Web Cryptography API becoming a W3C Recommendation as of 26th of January of 2017, we could safely implement pbkdf2 natively for some browsers (i.e. Chrome and Firefox). I know we are browserifying crypto here, but maybe we could fallback to the native methods if implemented.

Would you be interested in having such a fallback in this repo? It’s pretty popular and other people seem to use it a lot in the browser. Here’s how I implemented it for github.com/jjperezaguinaga/deniable.website.

const pbkdf2Native = (password, salt, iterations, digest, mode, keylen) =>
    (window.crypto.subtle||window.crypto.webkitSubtle).importKey('raw', password, {name: 'PBKDF2'}, false, ['deriveKey'])
        .then(baseKey => (window.crypto.subtle||window.crypto.webkitSubtle).deriveKey({name: 'PBKDF2', salt, iterations, hash: digest, baseKey, {'name': mode, 'length': keylen*8}, true, ['encrypt', 'decrypt']))
        .then(key => (window.crypto.subtle||window.crypto.webkitSubtle).exportKey('raw', key))

I can make a PR to detect window and leverage on it based on the options given, since it seems the API has some limitations (e.g. keylen for mode has to be either 128 or 256 bits, see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey). You can see how lesspass is using it alongside this repository for a reference of what we could do.

👋 @jprichardson!