anvilresearch/webcrypto

Security Considerations

christiansmith opened this issue · 2 comments

There's a standard-readme section stubbed out for security considerations. We need to brainstorm a bit and identify the topics that need to be covered here. This section shouldn't eclipse the rest of the README, but we need to cover the most critical things for developers depending on webcrypto to be aware of.

Please braindump into this issue if you're aware of anything and when we have rough consensus on the most important items, I'll write a draft.

cc: @thelunararmy, @EternalDeiwos, @keelerh, @dmitrizagidulin, et al

The first item that comes to my mind is our incorporation of the secp256k1 curve for ECDSA. At this time it's a non-standard and experimental addition and should be flagged appropriately.

After RSA-OAEP's implementation, there were several hashing algorithms omitted from the encryption and decryption function calls due to a lack of support from Node. The only supported hash is SHA-1, which is known for being a vulnerable hash. W3C's API explicitly facilitates several SHA hashing derivatives, namely SHA-1, SHA-256, SHA-384 and SHA-512, and these are able to generate/import/export keys in the current iteration, but need to be supported by Node at some point.