pop
/
vibed
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
quotesdb
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2dd808cdd3'
${ noResults }
vibed/quotesdb/.beans/quotesdb-58hh--triage-4-wor...

3.6 KiB
Raw Blame History

title status type priority created_at updated_at
[TRIAGE] 4-word passphrase crate selection for WASM target (no_std/wasm32 constraints) completed task critical 2026-03-10T23:32:08Z 2026-03-10T23:32:08Z
This is a triage decision ticket. It must be resolved before dependent implementation tickets can proceed. 4-word passphrase crate selection: which crate generates 4-word passphrases and compiles for wasm32-unknown-unknown without std thread-local RNG or filesystem access? 1. **passphrase-wordlist** — small crate, check WASM compatibility. 2. **bip39** — BIP-39 mnemonic words, widely available. Returns 12-word phrases by default; can take first 4 words. 3. **Custom word list** — embed a static word list in `src/lib.rs` and select 4 random words using `getrandom` with the `js` feature for WASM-compatible randomness. 1. Research the options above and choose the best approach for this project. 2. Update ticket 03bb91 (auth_code generator) and `Cargo.toml` (ticket 1f5bb5) with the chosen crate. 3. Mark this ticket done with a note on the chosen approach in the body or a comment.

Chosen: Option 3 — Custom embedded word list + rand 0.10 + getrandom 0.4 (wasm_js)

Research findings

Option Verdict
passphrase-wordlist Does not exist on crates.io. Eliminated.
bip39 WASM-compatible (8.8M downloads, used in web crypto wallets). Rejected: carries BIP-39 cryptocurrency semantics; word list (2048 entries) is tuned for phonetic distinctness, not general memorability; introduces unnecessary complexity.
Custom word list Chosen. Minimal deps, full control, idiomatic Rust.

Implementation approach

Word list: EFF Short Word List 1 — 1296 common English words designed for memorable passphrases. Source: https://www.eff.org/files/2016/09/08/eff_short_wordlist_1.txt Generate the Rust array: curl -s <url> | awk '{print $2}'

RNG: rand::rngs::OsRng from rand = "0.10".

  • Does NOT use thread-local storage (safe for wasm32)
  • Uses getrandom as its entropy backend
  • For WASM targets: add getrandom = { version = "0.4", features = ["wasm_js"] } in the wasm32 cfg section so Cloudflare Workers (which expose crypto.getRandomValues()) can seed the RNG

Version note: rand 0.10 requires getrandom ^0.4. The wasm_js feature in getrandom 0.4 replaces the old js feature from getrandom 0.2. The latest uuid 1.21.0 also requires getrandom ^0.4, so both deps share one getrandom version in the dependency graph.

Cargo.toml changes (update ticket 1f5bb5)

[dependencies]
rand = "0.10"

[target.'cfg(target_arch = "wasm32")'.dependencies]
# Enables OsRng entropy via Web Crypto API (crypto.getRandomValues())
# Required by both rand (OsRng) and uuid (v4) on wasm32 targets
getrandom = { version = "0.4", features = ["wasm_js"] }

Correction: Tickets 7a0d9f and 1f5bb5 previously referenced getrandom = "0.2", features = ["js"] — this is outdated. uuid 1.21 and rand 0.10 both require getrandom ^0.4, which renamed the feature to wasm_js. Both those tickets have been updated.

Updated tickets

  • 03bb91 — updated with full implementation plan (code, word list steps, tests)
  • 1f5bb5 — corrected getrandom version to 0.4/wasm_js; added rand 0.10 dep
  • 7a0d9f — corrected getrandom version to 0.4/wasm_js (was 0.2/js)
`chore(quotesdb): resolve triage — 4word-passphrase-crate-selection-for-wasm-target-nostdwasm32`