
Replace JS implementation of SHA256 & PBKDF2

Open andywer opened this issue 6 years ago • 2 comments

Create a new package (as there doesn't seem to be any yet) for each SHA256 & PBKDF2 that uses web crypto in the browser and the crypto module in node. Use Uint8Array.

Benchmark how much faster the native implementation is and how much lower the bundled size of key-store becomes.

andywer • Aug 19 '18 05:08
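A sketch of the wrapper the issue proposes, as an added example that is not key-store code or the maintainer's: SHA-256 and PBKDF2-HMAC-SHA256 over `Uint8Array`, backed by Web Crypto where available and by Node's `crypto` module otherwise, plus a Node-only check that both backends derive identical bytes. All function names are hypothetical, and the password and salt are constructed sample values.

```javascript
// Added example, not key-store code. All function names here are hypothetical.
// Inputs and outputs are Uint8Array, as the issue asks.

// Backend 1: Web Crypto (browsers, and Node via crypto.webcrypto).
const viaWebCrypto = (subtle) => ({
  sha256: async (data) => new Uint8Array(await subtle.digest("SHA-256", data)),
  pbkdf2Sha256: async (password, salt, iterations, keyBytes) => {
    const baseKey = await subtle.importKey("raw", password, "PBKDF2", false, ["deriveBits"]);
    const params = { name: "PBKDF2", hash: "SHA-256", salt, iterations };
    // deriveBits takes a length in bits, not bytes.
    return new Uint8Array(await subtle.deriveBits(params, baseKey, keyBytes * 8));
  },
});

// Backend 2: Node's crypto module. Results are copied into a plain
// Uint8Array rather than returned as a Node Buffer.
const viaNodeCrypto = (nodeCrypto) => ({
  sha256: async (data) => new Uint8Array(nodeCrypto.createHash("sha256").update(data).digest()),
  pbkdf2Sha256: (password, salt, iterations, keyBytes) =>
    new Promise((resolve, reject) =>
      nodeCrypto.pbkdf2(password, salt, iterations, keyBytes, "sha256", (err, key) =>
        err ? reject(err) : resolve(new Uint8Array(key)))),
});

// Works from both CommonJS and ES modules.
const loadNodeCrypto = async () =>
  typeof require === "function" ? require("node:crypto") : import("node:crypto");

// Prefer Web Crypto when the runtime exposes it, otherwise fall back to Node's module.
async function loadBackend() {
  const subtle = globalThis.crypto && globalThis.crypto.subtle;
  return subtle ? viaWebCrypto(subtle) : viaNodeCrypto(await loadNodeCrypto());
}

const sameBytes = (a, b) => a.length === b.length && a.every((byte, i) => byte === b[i]);

// Node only: run both backends on the same constructed inputs and report agreement.
async function backendsAgree(iterations = 10000, keyBytes = 32) {
  const nodeCrypto = await loadNodeCrypto();
  const enc = new TextEncoder();
  const [password, salt] = [enc.encode("correct horse"), enc.encode("constructed-salt")];
  const web = viaWebCrypto(nodeCrypto.webcrypto.subtle);
  const node = viaNodeCrypto(nodeCrypto);
  const [a, b] = await Promise.all([
    web.pbkdf2Sha256(password, salt, iterations, keyBytes),
    node.pbkdf2Sha256(password, salt, iterations, keyBytes),
  ]);
  return sameBytes(a, b) && sameBytes(await web.sha256(salt), await node.sha256(salt));
}
```

Running the same agreement check against the existing JS implementation, with the iteration count and key length the stored data was created with, confirms that previously encrypted key stores still decrypt after a backend swap.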

We are currently evaluating this module for production use in a rather security-sensitive environment. Is this issue just about footprint and efficiency or also about "correctness"? Or in other words: Are there any known functional bugs in the current approach that would be solved by this switch?

famod • Sep 18 '19 14:09

Hey @famod!

No, it is correct and safe to use, it could just be made more efficient. We are actually using it in production for a crypto wallet, so I'd like to think this shows that we really trust it.

The other question is how to store the encrypted key store data. You might wanna use node-keytar, either as a replacement for key-store or to store the encrypted key store data (would mean encrypting the data twice, but if you also need to support a runtime environment where you cannot use node-keytar then key-store could still provide you with a uniform API and you just switch the underlying storage layer).

andywer • Sep 18 '19 14:09