1. 7

Demo: https://authbit.now.sh/ This is my beginner project. I’m looking for some feedback. Use it at your own risk!

    1. 7

      Using blowfish is a bit of a concern; I would recommend using something else, like libsodium or something that is a bit less malleable. Looking through the source of blowfish.js it looks ok, even tho it only supports ECB or CBC mode. Note however that it defaults to ECB, which is problematic. If you consider keeping this, I’d switch to CBC (based on what your library supports), but it would be easier to swap for another library, like libsodium.js or the like.

      Additionally, if you use anything in CBC mode, you do need some sort of HMAC against the cipher to avoid padding oracles and the like. You also want to avoid ECB mode, as that can be hugely problematic. Again, something like libsodium or another library that handles some of these “cryptographic right answers” in an opinionated way would be great.

      Lastly, you probably want to do some sort of key stretching, esp if you’re going to keep passwords as keys; even the 10 character limit is pretty short (10 chars == 80 bits); there are various algorithms here, but Argon2id is p good in the JS space. There’s quite a few others as well; PBKDF2 is terrible in many ways, but 100k iterations of PBKDF2 would be ok.

      note: I’m not saying “blowfish” is a concern per se, although I generally would recommend more standard ciphers to clients, it’s more along the lines of “typing the letters ‘A-E-S’ into your program is a code smell:” most developers don’t understand the intricacies of cryptography, and it’s easier to use something opinionated that does “the right thing” for you.

      1. 3

        I just looked at libsodium.js library. It seems to be safer than blowfish.js, but more complicated, too. I’ll try to implement it as soon as I can. Thank you for your recommendation!

        1. 2

          absolutely happy to help!

          > , but more complicated, too.

          this is true; most of this is because it’s doing some of the things that you would have to do to implement some of the cryptography in a safe way, but also because it’s a different set of algorithms and libsodium.js is implementing some other moving parts surrounding it. Luckily, getting things right is mostly easier with libsodium.

          Oh, one other benefit to using libsodium I neglected to mention: it includes an Argon2id implementation if you want to use that for key stretching.
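
The construction the first reply describes (stretch the password, use CBC with a random IV, authenticate the ciphertext with an HMAC that is checked before decryption), sketched as an added example that is not part of any post in this thread and is not the project's code. It assumes Node's built-in `crypto` module with AES-256 standing in for the cipher and PBKDF2 at 100k iterations as the stretching step; the function names and the `salt || iv || ciphertext || tag` layout are made up for illustration, and `ecbRepeatsBlocks` shows why the ECB default is a problem.

```javascript
// Added example (not the project's code); uses only Node's built-in crypto module.
const crypto = require('node:crypto');

const PBKDF2_ITERATIONS = 100000; // the "100k iterations" figure from the thread

// Stretch a short password into two independent 32-byte keys (encryption + MAC).
function deriveKeys(password, salt) {
  const okm = crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 64, 'sha512');
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// Encrypt-then-MAC: AES-256-CBC with a random IV, HMAC-SHA256 over salt || iv || ciphertext.
function seal(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(16);
  const { encKey, macKey } = deriveKeys(password, salt);
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const body = Buffer.concat([salt, iv, cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = crypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

// Check the tag in constant time BEFORE decrypting, so modified ciphertext never
// reaches the padding check. Returns null on any failure (wrong password, tampering).
function unseal(password, sealed) {
  if (sealed.length < 16 + 16 + 16 + 32) return null; // salt + iv + one block + tag
  const body = sealed.subarray(0, sealed.length - 32);
  const tag = sealed.subarray(sealed.length - 32);
  const { encKey, macKey } = deriveKeys(password, body.subarray(0, 16));
  const expected = crypto.createHmac('sha256', macKey).update(body).digest();
  if (!crypto.timingSafeEqual(tag, expected)) return null;
  const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, body.subarray(16, 32));
  return Buffer.concat([decipher.update(body.subarray(32)), decipher.final()]).toString('utf8');
}

// Why ECB is a problem: equal plaintext blocks produce equal ciphertext blocks.
function ecbRepeatsBlocks(key) {
  const c = crypto.createCipheriv('aes-256-ecb', key, null);
  const ct = Buffer.concat([c.update(Buffer.alloc(32, 0x41)), c.final()]);
  return ct.subarray(0, 16).equals(ct.subarray(16, 32));
}
```

With libsodium.js, the key derivation and the encrypt-then-MAC steps are each replaced by a single opinionated call, which is the point made in the replies.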