aes-js
Update README.md to include an example for PBKDF in browser with js-sha256
Using the pbkdf2 library in the browser is not very straightforward.
Including a simpler yet secure way for the browsers in the readme is good.
I think this is out of scope for this readme though, no?
There are so many ways, and sha2-256 is not a great way to create a key from a password. It is subject to rainbow table attacks but also, in your example could yield different keys on computers in different countries, since the password isn’t normalized to a specific form.
Algorithms like pbkdf2 explicitly state which normalized form to use and there are a lot of other nuances that may be missed, which when it comes to deterministic key generation is important.
I’m also a firm believer in key stretching, which is why I usually use scrypt. ;)
There is a pbkdf2 example a couple of lines before, and for that, I thought we can add another example that can be used in the browsers. So, I don't think it's out of scope and I think it can help new users a lot.
I don't think sha256 can be subjected to rainbow table attacks with the presence of salt.
I added the NFKC normalization to address the issue you mentioned.
Thanks :)
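
The normalization and salting points raised in this thread, as an added example that is not part of the pull request or of aes-js: the same visible password typed in two Unicode forms encodes to different bytes unless it is normalized, and the normalized bytes then go through salted PBKDF2 in the browser's Web Crypto API. The function names, the sample password and the iteration count are assumptions made for illustration.

```javascript
// Added example: names and parameters below are assumptions, not aes-js API.

// Constructed sample: the same visible password "café" typed two ways.
const composed = 'caf\u00e9';     // precomposed é (NFC form)
const decomposed = 'cafe\u0301';  // "e" followed by a combining acute accent (NFD form)

// Encode a password to UTF-8 bytes, normalizing to NFKC first unless disabled.
function passwordBytes(password, normalize = true) {
  const text = normalize ? password.normalize('NFKC') : password;
  return new TextEncoder().encode(text);
}

// Hex-encode a byte array so two encodings can be compared by eye.
function toHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Derive a 256-bit key with PBKDF2-HMAC-SHA256 through Web Crypto.
// salt: Uint8Array, random per password and stored beside the ciphertext.
// iterations: work factor (assumed value; tune it for the target devices).
async function deriveAesKey(password, salt, iterations = 600000) {
  const material = await crypto.subtle.importKey(
    'raw', passwordBytes(password), 'PBKDF2', false, ['deriveBits']);
  const bits = await crypto.subtle.deriveBits(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations }, material, 256);
  return new Uint8Array(bits); // 32 bytes, the length of an AES-256 key
}
```

A fresh salt can come from `crypto.getRandomValues(new Uint8Array(16))`; it has to be kept with the ciphertext so the same key can be derived again for decryption.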