Comments (6)
@cowwoc scrypt functions depend on no state. It's natural for them to be static. People who make a big deal out of it have way too much time on their hands.
As there is no state the functions depend on, it should be free of concurrency hazards. Concurrency safety depends on the algorithm and state invariants, not whether a method is static or not.
from scrypt.
To add to the safety claim above: I'm talking about the Java implementation and haven't inspected the native version, but it's very likely that it also doesn't have any shared state.
from scrypt.
I was actually more interested in the native code since you've got one interface both implementations. Please investigate and if the native code is thread-safe, add a note to the Javadoc that confirms all implementations are thread-safe.
from scrypt.
@michaelklishin thank you for your great comments! You're spot on.
Yes, both the Java and native implementations are safe to call from multiple threads. I don't think javadoc comments are necessary, these days comments should be reserved for cases where a public API isn't thread safe.
from scrypt.
Java Concurrency in Practice (the authoritative book on the matter) seems to disagree: http://stackoverflow.com/a/3778071/14731
Also, if you were right, annotations like @threadsafe would not exist. The reason they exist is because people expect you to document this even if the class is thread safe.
from scrypt.
@wg I think it's worth explicitly documenting.
from scrypt.
Related Issues (20)
- Native support for Windows HOT 2
- Android publishing issue with native platforms. HOT 1
- gradle version would be helpful HOT 1
- Android KITKAT and native scrypt support? HOT 2
- Split project into several implementation modules HOT 3
- SCryptUtil should accept char[] in addition to String
- Security issue: exec of world-readable jar entry in world-writable directory
- Include a proper license header in source files
- Android M and native scrypt support?
- Wrong hash on Android x64 devices HOT 5
- Thank you - Cisco Type 9 password hashes
- Way to disable plain hash to be used?
- Inconsistent SCryptUtil#check behavior when password is an empty string
- I dont know about where is path? - sys/limits.h: No such file or directory
- 64 bit native library?
- JAR library loading fails with '#'
- android libscrypt.dylib HOT 4
- Difference between native and java implementation
- Memory is not released after hashing, but only when JVM exits HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scrypt.