Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide Hash utilities: Deno.hash / Deno.password #28277

Open
Tracked by #28200
CyanChanges opened this issue Feb 24, 2025 · 5 comments
Open
Tracked by #28200

Provide Hash utilities: Deno.hash / Deno.password #28277

CyanChanges opened this issue Feb 24, 2025 · 5 comments

Comments

@CyanChanges
Copy link
Contributor

Part of #28200

Deno.hash / Deno.password

In Node.js, we do hash like:

import { createHash } from 'node:crypto'

const hash = createHash('sha256')
  .update("pa$$word")
  .digest('hex')

node:crypto only have support for algorithm supported in openssl.
But in nowadays, we may use more likely to use argon2, yescrypt for hashing passwords,
but those isn't in node:crypto, if we can just

const hash = await Deno.password.hash("pa$$word", {
 algorithm: "argon2id",
 memory: 2,
 time: 2
})

and

const hash = await Deno.hash.sha256("whatever")

it will be more easier to use, and
implementation in native will also be faster.
(or maybe use wasm to avoid v8 internal binding costs)
@CyanChanges CyanChanges mentioned this issue Feb 20, 2025
Closed
2 tasks
@JOTSR
Copy link
Contributor

JOTSR commented Feb 27, 2025

Is it good to add specific Deno functionality rather than adding it to jsr:@std when it does not need to rely on internal op-code ?
For this specific issue it can use either WebCrypto or wasm and so don't be tied to the Deno namespace.
It is generally preferable to implement functionality using standard web APIs and cross-platform technologies.

import { hash, password } from 'jsr:@std/crypto'

@CyanChanges
Copy link
Contributor Author

Is it good to add specific Deno functionality rather than adding it to jsr:@std when it does not need to rely on internal op-code ? For this specific issue it can use either WebCrypto or wasm and so don't be tied to the Deno namespace. It is generally preferable to implement functionality using standard web APIs and cross-platform technologies.

import { hash, password } from 'jsr:@std/crypto'

Actually good, but does any packages in @std/ using wasm now?

@0f-0b
Copy link
Contributor

0f-0b commented Feb 28, 2025

@std/crypto uses Wasm. denoland/std#5899 is the issue for password hashing support in @std/crypto.

@CyanChanges
Copy link
Contributor Author

I thought put more things in Deno will provide slightly better DX. Since you don't need to import them (from internet).

@BlackAsLight
Copy link

I thought put more things in Deno will provide slightly better DX. Since you don't need to import them (from internet).

There are both pros and cons to putting things under the Deno namespace. Common pros are a native integration and the performance that comes with that. Common cons are bigger compile sizes, specially for those not making use of it, and locking in the features out of fear of breaking older scripts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@0f-0b @BlackAsLight @JOTSR @CyanChanges