Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

suggestion: add bcrypt and argon2 support to std/crypto #5899

Open
rossholdway opened this issue Sep 3, 2024 · 7 comments
Open

suggestion: add bcrypt and argon2 support to std/crypto #5899

rossholdway opened this issue Sep 3, 2024 · 7 comments
Labels
crypto feedback welcome We want community's feedback on this issue or PR suggestion a suggestion yet to be agreed

Comments

@rossholdway
Copy link

Is your feature request related to a problem? Please describe.

Thoughts on supporting something such as Bun.password - https://bun.sh/docs/api/hashing ?

Describe the solution you'd like

Perhaps std/crypto would be a good place to support something similar? Wrapping the native Rust implementation(s) via WASM.

Describe alternatives you've considered

Currently to use something like argon2 or bcrypt with Deno, you must find and trust a third-party developers wrapper, or attempt bindings yourself. Providing this as part of std/crypto, a trusted dependancy, could help to improve security for those needing password hashing, and improve ease of implementation.

Thanks!
@iuioiua
Copy link
Contributor

iuioiua commented Sep 3, 2024

My immediate impression is that a new API isn't needed. Rather, we could add documentation to @std/crypto, if anything.

@iuioiua iuioiua added suggestion a suggestion yet to be agreed crypto feedback welcome We want community's feedback on this issue or PR labels Sep 3, 2024
@iuioiua iuioiua changed the title Password hashing suggestion: add password hashing Sep 3, 2024
@rossholdway
Copy link
Author

Thanks for the comment @iuioiua, although I have to admit I don’t quite understand. I can’t see how this could be achieved using the current @std/crypto?

@halvardssm
Copy link
Contributor

FYI, I have already done some of the prework for supporting password hashing in the crypto module in stdext. This can be moved to std if the team wants to add support for password hashing in the future 💪🏻

@rossholdway
Copy link
Author

With the introduction of Deno 2.1 and direct Wasm imports, does this change anything here?

@kt3k
Copy link
Member

kt3k commented Dec 11, 2024

We already use wasm in std/crypto implementation https://github.com/denoland/std/tree/main/crypto/_wasm

Do you suggest adding bcrypt and argon2 to std/crypto digest API? Or do you suggest API specific to password hashing?

@rossholdway
Copy link
Author

@kt3k bcrypt and argon2 in std/crypto digest API would be great. Perhaps with a supporting example at https://docs.deno.com/examples.

A password specific hashing API would make for a nice developer experience, but perhaps something that could come later, building on top of digest API support.

@kt3k kt3k changed the title suggestion: add password hashing suggestion: add bcrypt and argon2 support to std/crypto Dec 12, 2024
@faipena
Copy link

faipena commented Feb 12, 2025
edited
Loading

Is there any progress on the argon2 support? That would be great for modern webapps opting to choose deno.
How hard of a change is it? Would it be manageable for a first time contributor? What would be the required sub-tasks? I would love to help if able to!

@0f-0b 0f-0b mentioned this issue Feb 28, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crypto feedback welcome We want community's feedback on this issue or PR suggestion a suggestion yet to be agreed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@kt3k @rossholdway @iuioiua @halvardssm @faipena