Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
App private keys should use longer derivation paths
See original GitHub issueApp private keys should use a longer derivation path to take advantage of all the bits of entropy in the SHA256 hash: (see https://github.com/blockstack/blockstack-browser/blob/master/app/js/utils/account-utils.js#L55)
This PR https://github.com/blockstack/blockstack.js/pull/433 adds a function which will generate such a lengthened key, and it includes a function for generating the old derivation as well (using the hashCode function).
To address this in a backwards compatible fashion, we should:
- On authentication with multi-player apps, check whether an entry already exists for the app (and uses the legacy derived app key), and if so, use the legacy path, otherwise use the new path.
- On authentication with single-player apps, check whether the app is in a whitelisted set of legacy apps (use the current set of single-player apps in the browser as the whitelist) and if so, use the legacy path, otherwise use the new path.
Issue Analytics
- State:
- Created 5 years ago
- Comments:6 (6 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I’m in favor of the longer derivation path by default. I think we have determined that derivation performance is a non-issue.
That’s what I meant 😃 We could easily add a “loading…” dialog on the sign-in page, or do the key derivation once the user is presented with the login dialog (so it occurs before the user clicks “sign-in”), etc.
On my Pixel 2 XL, it took 693 ms. On my laptop, it took 340 ms.