My beef is with Web Crypto. Why are encrypt and decrypt async?

phpnode · 2024-11-14T10:24:05 1731579845

Because otherwise the main thread will be blocked while those operations take place and the whole ui will freeze

maxbond · 2024-11-14T10:26:12 1731579972

You'll find this convention in other JS crypto stuff as well, like libraries for password hashing. Eg:

https://www.npmjs.com/package/@node-rs/argon2

https://www.npmjs.com/package/bcrypt

Though the bcrypt package does provide an additional sync API. (You should be using argon2 though.)

mcraiha · 2024-11-14T10:29:06 1731580146

Yes, but you can offer both sync and async methods. Web Crypto only has async.

phpnode · 2024-11-14T10:32:35 1731580355

Programmers who are not aware of the pitfalls will use the sync version and build apps that have terrible ux, so it’s better to not give them the option unless there’s a really good reason to, so what’s the use case here?

xboxnolifes · 2024-11-15T00:28:50 1731630530

You're forced make all of your code async all the way down to lowest crypto calls, even if you handle the async way higher in abstraction layers.

Timon3 · 2024-11-15T08:05:59 1731657959

How would you "handle the async" at a different layer? If you were to call sync crypto methods, they'd block the event loop no matter where you call them - unless you call them from a Worker, at which point they're async calls again.

The only real use case would be small scripts where you don't care about sync/async, but experience shows that devs will abuse the sync functions in scenarios where the async ones would be appropriate.

andrewstuart · 2024-11-14T10:27:34 1731580054

Cause they can be slow.

tomovo · 2024-11-14T10:30:26 1731580226

And we're still awaiting any of their benefits.