|
@@ -16,6 +16,28 @@ They also need some support packages:
|
|
|
|
|
|
|
|
## Utils
|
|
## Utils
|
|
|
|
|
|
|
|
|
|
+### Crypto
|
|
|
|
|
+
|
|
|
|
|
+We use [libsodium](https://libsodium.gitbook.io/doc/) for encryption, key
|
|
|
|
|
+generation etc. Specifically, we use its WebAssembly and JS wrappers made using
|
|
|
|
|
+Emscripten, maintained by the original authors of libsodium themselves -
|
|
|
|
|
+[libsodium-wrappers](https://github.com/jedisct1/libsodium.js).
|
|
|
|
|
+
|
|
|
|
|
+Currently, we've pinned the version to 0.7.9 since later versions remove the
|
|
|
|
|
+crypto_pwhash_* functionality that we use (they've not been deprecated, they've
|
|
|
|
|
+just been moved to a different NPM package). From the (upstream) [release
|
|
|
|
|
+notes](https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE):
|
|
|
|
|
+
|
|
|
|
|
+> Emscripten: the crypto_pwhash_*() functions have been removed from Sumo
|
|
|
|
|
+> builds, as they reserve a substantial amount of JavaScript memory, even when
|
|
|
|
|
+> not used.
|
|
|
|
|
+
|
|
|
|
|
+This wording is a bit incorrect, they've actually been _added_ to the sumo
|
|
|
|
|
+builds (See this [issue](https://github.com/jedisct1/libsodium.js/issues/326)).
|
|
|
|
|
+
|
|
|
|
|
+Updating it is not a big problem, it is just a pending chore - we want to test a
|
|
|
|
|
+bit more exhaustively when changing the crypto layer.
|
|
|
|
|
+
|
|
|
## UI
|
|
## UI
|
|
|
|
|
|
|
|
The UI package uses "react". This is our core framework. We do use layers on top
|
|
The UI package uses "react". This is our core framework. We do use layers on top
|
Manav Rathi