Use more lightweight sha256 implementation

[webmaster128]

Using sh256 via create-hash pulls in a bunch of dependencies we don't need, like cipher-base, md5.js and ripemd160.

cipher-base is particularly problematic for everyone switching from Webpack 4 to Webpack 5 or using other reasonably modern bundlers because it requires node's stream: https://github.com/crypto-browserify/cipher-base/blob/v1.0.4/index.js#L7. This causes hard to debug and support problems downstream, like cosmos/cosmjs#925.

I think it would be much nicer to use a dependency that only implements sha256. This could be sha.js or something else, but sha.js is used already anyways.

[webmaster128]

If I get a 👍 for such a change, I'm happy to create a PR.

[beeman]

I'd love to see this. I'm facing the Webpack 5 compatibility issue today, it would be great not to depend on cipher-base.

[webmaster128]

As briefly mentioned in #173, we still pull in both md5 and ripemd160 as well as helper dependencies through pbkdf2 because this package supports those non-SHA2 algorithms.

Ideally we had a pbkdf2 implementation which uses dependency injection to get the hash algorihm. pbkdf2 in @noble/hashes works like that. However, it does not use the SubtleCrypto API in browsers and modern Node for pbkdf2. But I'd be surprised if this was really necessary for the usage in BIP39.

[webmaster128]

Here are noble crypro benchmarks from my machine. The 3rd block with 2048 iterations is what matters to this use case. So as long as we are happy with those timings, we can build this lib on @noble/hashes for both sha256 and pbkdf2.

==== PBKDF2-HMAC-SHA512 ====
PBKDF2-HMAC-SHA512 512 node x 3,633 ops/sec @ 275μs/op
PBKDF2-HMAC-SHA512 512 hash-wasm x 859 ops/sec @ 1ms/op
PBKDF2-HMAC-SHA512 512 stablelib x 513 ops/sec @ 1ms/op
PBKDF2-HMAC-SHA512 512 noble x 512 ops/sec @ 1ms/op
PBKDF2-HMAC-SHA512 512 noble (async) x 500 ops/sec @ 1ms/op

PBKDF2-HMAC-SHA512 1024 node x 1,845 ops/sec @ 541μs/op
PBKDF2-HMAC-SHA512 1024 hash-wasm x 480 ops/sec @ 2ms/op
PBKDF2-HMAC-SHA512 1024 stablelib x 258 ops/sec @ 3ms/op
PBKDF2-HMAC-SHA512 1024 noble x 256 ops/sec @ 3ms/op
PBKDF2-HMAC-SHA512 1024 noble (async) x 250 ops/sec @ 3ms/op

PBKDF2-HMAC-SHA512 2048 node x 921 ops/sec @ 1ms/op
PBKDF2-HMAC-SHA512 2048 hash-wasm x 241 ops/sec @ 4ms/op
PBKDF2-HMAC-SHA512 2048 stablelib x 128 ops/sec @ 7ms/op
PBKDF2-HMAC-SHA512 2048 noble x 127 ops/sec @ 7ms/op
PBKDF2-HMAC-SHA512 2048 noble (async) x 122 ops/sec @ 8ms/op

PBKDF2-HMAC-SHA512 16384 node x 112 ops/sec @ 8ms/op
PBKDF2-HMAC-SHA512 16384 hash-wasm x 29 ops/sec @ 34ms/op
PBKDF2-HMAC-SHA512 16384 stablelib x 15 ops/sec @ 63ms/op
PBKDF2-HMAC-SHA512 16384 noble x 16 ops/sec @ 62ms/op
PBKDF2-HMAC-SHA512 16384 noble (async) x 15 ops/sec @ 66ms/op

PBKDF2-HMAC-SHA512 65536 node x 28 ops/sec @ 35ms/op
PBKDF2-HMAC-SHA512 65536 hash-wasm x 6 ops/sec @ 144ms/op
PBKDF2-HMAC-SHA512 65536 stablelib x 4 ops/sec @ 247ms/op
PBKDF2-HMAC-SHA512 65536 noble x 3 ops/sec @ 252ms/op
PBKDF2-HMAC-SHA512 65536 noble (async) x 3 ops/sec @ 265ms/op

PBKDF2-HMAC-SHA512 262144 node x 7 ops/sec @ 141ms/op
PBKDF2-HMAC-SHA512 262144 hash-wasm x 1 ops/sec @ 509ms/op
PBKDF2-HMAC-SHA512 262144 stablelib x 1 ops/sec @ 967ms/op
PBKDF2-HMAC-SHA512 262144 noble x 0 ops/sec @ 1006ms/op
PBKDF2-HMAC-SHA512 262144 noble (async) x 0 ops/sec @ 1028ms/op

[aulneau]

for anyone interested, there is scure-bip39 (audited) which is much, much lighter weight, and by the author of noble-hashes

[paulmillr]

the issue is not relevant anymore

bip39/package.json

Line 38 in a7ecbfe

"@noble/hashes": "^1.2.0"