0.2.0 • Published 4 years ago

noble-ripemd160 v0.2.0

Weekly downloads
9
License
MIT
Repository
github
Last release
4 years ago

noble-ripemd160

Fast implementation of RIPEMD160, a cryptographic hash function.

Check out RIPEMD specification.

This library belongs to noble crypto

noble-crypto — high-security, easily auditable set of contained cryptographic libraries and tools.

  • No dependencies, one small file
  • Easily auditable TypeScript/JS code
  • Supported in all major browsers and stable node.js versions
  • All releases are signed with PGP keys
  • Check out all libraries: secp256k1, ed25519, bls12-381, ripemd160

Usage

npm install noble-ripemd160

import ripemd160 from "noble-ripemd160";

const raw = ripemd160(""); // Raw string usage
// "9c1185a5c5e9fc54612808977ee8f548b2258d31"

const uint = ripemd160(new Uint8Array([97, 98, 99])); // Uint8Array usage
// Uint8Array [
//   142, 178,   8, 247,
//   224,  93, 152, 122,
//   155,   4,  74, 142,
//   152, 198, 176, 135,
//   241,  90,  11, 252
// ]
// (typed array representation of "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc")

API

  • ripemd160(message: string): string
  • ripemd160(message: Uint8Array): Uint8Array
    • message: Message which will be hashed
    • Function output type would match the input type.

Security

Noble is production-ready & secure. Our goal is to have it audited by a good security expert.

We're using built-in JS BigInt, which is "unsuitable for use in cryptography" as per official spec. This means that the lib is potentially vulnerable to timing attacks. But:

  1. JIT-compiler and Garbage Collector make "constant time" extremely hard to achieve in a scripting language.
  2. Which means any other JS library doesn't use constant-time bigints. Including bn.js or anything else. Even statically typed Rust, a language without GC, makes it harder to achieve constant-time for some cases.
  3. If your goal is absolute security, don't use any JS lib — including bindings to native ones. Use low-level libraries & languages.
  4. We however consider infrastructure attacks like rogue NPM modules very important; that's why it's crucial to minimize the amount of 3rd-party dependencies & native bindings. If your app uses 500 dependencies, any dep could get hacked and you'll be downloading rootkits with every npm install. Our goal is to minimize this attack vector.

License

MIT (c) Paul Miller (https://paulmillr.com), see LICENSE file.

ripemd160ripemdhash functioncryptographysecurity
@infinitebrahmanuniverse/nolb-nob@everything-registry/sub-chunk-2297centeridentityyadacoinjs
0.2.0

4 years ago

0.1.1

7 years ago

0.1.0

7 years ago