ChainSafe/js-libp2p-noise

Security: Replace js crypto packages with noble

paulmillr opened this issue · 1 comments

paulmillr commented

Following dependencies:

js-libp2p-noise/package.json

Lines 79 to 81 in de40989

"@stablelib/hkdf": "^1.0.1",
"@stablelib/sha256": "^1.0.1",
"@stablelib/x25519": "^1.0.3",

Can be replaced with audited https://github.com/paulmillr/noble-curves and https://github.com/paulmillr/noble-hashes which, I think, you're already using through @libp2p/crypto.

paulmillr commented

Now also https://github.com/paulmillr/noble-ciphers, 1.6x faster than your current stablelib dep