Clarification about async docs #440
-
|
I don't quite understand this part from the async docs: https://github.com/ai/nanoid#async "Unfortunately, you will lose Web Crypto API advantages in a browser if you use the asynchronous API. So, currently, in the browser, you are limited with either security (nanoid), asynchronous behavior (nanoid/async), or non-secure behavior (nanoid/non-secure) that will be explained in the next part of the documentation." From what I understand the main difference between sync and async is that sync uses the randomFillSync function and async uses the randomFill function of the Crypto API. According to the docs, randomFillSync is just a synchronous version of randomFill and they are both similar to randomBytes, they just require a Buffer. So sync and async should have the same level of security no? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
The benefits is not in security, but in performance (CPU usage). With sync API JS thread could be blocked while CPU collection random noise. With async API, thread could switch to some another task (like processing mouse movements). |
Beta Was this translation helpful? Give feedback.
-
|
Thanks. The way it is written is a bit confusing, as if async is not secure. Maybe change to "with either performance (nanoid), asynchronous behavior (nanoid/async), or non-secure behavior (nanoid/non-secure)"? |
Beta Was this translation helpful? Give feedback.
-
|
Good idea, I will rephrase it a few hours later |
Beta Was this translation helpful? Give feedback.
-
|
Fixed d3ff554 |
Beta Was this translation helpful? Give feedback.
The benefits is not in security, but in performance (CPU usage).
With sync API JS thread could be blocked while CPU collection random noise. With async API, thread could switch to some another task (like processing mouse movements).