Comments (3)
What I initially stated in the linked issue still applies, I prefer not to use the Web Crypto API if it means breaking compatibility, since jsSHA, while not native, is a widely used SHA implementation that works well.
But there is room for improvement here, the first thing would be to study the feasibility of creating an alternative build that uses the Web Crypto API (although it would not be trivial as this build would have to expose a slightly different API since it would have to use asynchronous methods) and the second thing would be to have a build that does not bundle jsSHA to avoid it being included multiple times in case another dependency imports it.
Right now this is not a priority for me, but I leave this issue open to review it in the future, a PR would also be welcome.
from otpauth.
@hectorm I had started some progress here, but I wasn't quite sure how to produce a WebCrypto build & a jsSHA build to maintain the browser compatibility required to upstream the changes.
If this is a good start, you could possibly finish it or provide the insight needed to continue.
from otpauth.
After a benchmark with jsSHA, @noble/hashes and your SubtleCrypto fork, I noticed that the latter is much slower (possibly due to the overhead of the async function), so I don't think I will use the Web Crypto API for the time being.
Although thanks to this I'm thinking about switching to @noble/hashes as it would reduce the minified bundle size from 30 KB to 24 KB (without compression). The idea of providing a variant that doesn't bundle the HMAC library to avoid duplication still stands, but that's outside the scope of this issue, so I'll close this one and create another.
Bun 1.1.10:
Task Name | ops/sec | Average Time (ns) | Margin | Samples |
---|---|---|---|---|
totpValidate | 55 | 18172903.26860257 | ±0.29% | 551 |
totpNobleValidate | 103 | 9625471.101058695 | ±1.04% | 1039 |
totpSubtleValidate | 23 | 42465075.48305099 | ±2.07% | 236 |
Deno 1.43.5:
Task Name | ops/sec | Average Time (ns) | Margin | Samples |
---|---|---|---|---|
totpValidate | 74 | 13454301.075268818 | ±0.85% | 744 |
totpNobleValidate | 73 | 13608163.265306123 | ±1.55% | 735 |
totpSubtleValidate | 19 | 51517948.71794872 | ±0.81% | 195 |
Chromium 125:
Task Name | ops/sec | Average Time (ns) | Margin | Samples |
---|---|---|---|---|
totpValidate | 82 | 12078045.838318126 | ±0.57% | 829 |
totpNobleValidate | 71 | 14077918.424788447 | ±0.60% | 711 |
totpSubtleValidate | 8 | 122246341.46336012 | ±2.72% | 82 |
Firefox 126:
Task Name | ops/sec | Average Time (ns) | Margin | Samples |
---|---|---|---|---|
totpValidate | 62 | 16059390.048154093 | ±0.66% | 623 |
totpNobleValidate | 39 | 25173366.834170856 | ±0.92% | 398 |
totpSubtleValidate | 11 | 88796460.17699115 | ±7.37% | 113 |
Source
```javascript
import { Bench } from "tinybench";
import * as otpauth from "otpauth";
import * as otpauthNoble from "otpauthNoble";
import * as otpauthSubtle from "otpauthSubtle";

(async () => {
  const bench = new Bench({
    time: 10000,
    warmupTime: 1000,
  });

  // Current build (jsSHA), synchronous validate()
  const totp = new otpauth.TOTP({ secret: "NB2W45DFOIZA" });
  bench.add("totpValidate", () => {
    totp.validate({ token: "000000", window: 1000 });
  });

  // @noble/hashes build, synchronous validate()
  const totpNoble = new otpauthNoble.TOTP({ secret: "NB2W45DFOIZA" });
  bench.add("totpNobleValidate", () => {
    totpNoble.validate({ token: "000000", window: 1000 });
  });

  // SubtleCrypto fork, asynchronous validate()
  const totpSubtle = new otpauthSubtle.TOTP({ secret: "NB2W45DFOIZA" });
  bench.add("totpSubtleValidate", async () => {
    await totpSubtle.validate({ token: "000000", window: 1000 });
  });

  await bench.warmup();
  await bench.run();
  console.table(bench.table());
})();
```
from otpauth.
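An added example, not part of the thread and not otpauth's or the fork's code: a minimal HOTP (RFC 4226) generator and window validator on top of the Web Crypto API, showing why such a build has to expose asynchronous methods, since every counter in the window costs one awaited `sign()` call. The function names (`importHmacKey`, `hotp`, `validate`, `equalTokens`) are hypothetical, and the secret is the RFC 4226 Appendix D test value.

```javascript
// Added example (assumed names, not otpauth's API). Web Crypto is global in browsers,
// Deno, Bun and recent Node; older Node exposes it as require("node:crypto").webcrypto.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

// RFC 4226 Appendix D test secret (public test vector, not a real credential).
const RFC4226_KEY = new TextEncoder().encode("12345678901234567890");

// Import the raw secret once; the non-extractable CryptoKey is reused for every counter.
function importHmacKey(secretBytes, hash = "SHA-1") {
  return subtle.importKey("raw", secretBytes, { name: "HMAC", hash }, false, ["sign"]);
}

// HOTP moving factor: 8-byte big-endian counter.
function counterBytes(counter) {
  const buf = new ArrayBuffer(8);
  new DataView(buf).setBigUint64(0, BigInt(counter));
  return buf;
}

// Async because subtle.sign() returns a Promise; there is no synchronous variant.
async function hotp(key, counter, digits = 6) {
  const mac = new Uint8Array(await subtle.sign("HMAC", key, counterBytes(counter)));
  const off = mac[mac.length - 1] & 0x0f; // dynamic truncation offset
  const bin = ((mac[off] & 0x7f) << 24) | (mac[off + 1] << 16) |
              (mac[off + 2] << 8) | mac[off + 3];
  return String(bin % 10 ** digits).padStart(digits, "0");
}

// Compare tokens without returning at the first differing character.
function equalTokens(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Returns the counter delta of the first match, or null. A window of w means up to
// 2w + 1 awaited HMAC calls, which is the per-call overhead the benchmark exercises.
async function validate(key, token, counter, window = 1) {
  let delta = null;
  for (let d = -window; d <= window; d++) {
    if (counter + d < 0) continue;
    const candidate = await hotp(key, counter + d);
    if (equalTokens(token, candidate) && delta === null) delta = d;
  }
  return delta;
}
```

For TOTP the counter is `Math.floor(Date.now() / 1000 / period)`; the rest is unchanged.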