Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

On the claims in @node-rs/argon2 README #841

Open
ranisalt opened this issue May 20, 2024 · 1 comment
Open

On the claims in @node-rs/argon2 README #841

ranisalt opened this issue May 20, 2024 · 1 comment

Comments

@ranisalt
Copy link

Hello! Looking for ways to improve argon2 I stumbled upon @node-rs/argon2, and I noticed it makes some bold claims on the README. Most notably, these caught my attention:

  • Faster performance.

  • Smaller file size after npm installation(476K vs node-argon2 3.7M).

It's clear that you're pointing out the upsides of using @node-rs/argon2 over alternatives, but I failed to verify them.

I'll assume that "faster performance" is compared to node-argon2, since your own benchmark compares directly against it.

Running the benchmark unmodified with @node-rs/[email protected] vs [email protected] on my machine (a Ryzen 7 7800X3D running Linux 6.9.1) I get the following results:

@node-rs/argon x 107 ops/sec ±0.42% (85 runs sampled)
node-argon x 77.82 ops/sec ±0.32% (78 runs sampled)

But there's a catch: @node-rs/argon2 defaults are much lower (2 vs 3 iterations, 19K vs 64K memory) and that makes the benchmark unfair. Normalizing the parameters so that both use 3 iterations and 64K memory results in:

@node-rs/argon x 21.56 ops/sec ±0.57% (55 runs sampled)
node-argon x 77.06 ops/sec ±0.41% (75 runs sampled)

So node-argon2 is almost 4x faster than @node-rs/argon2. For that reason, I suggest you specify in the README what is the scenario where @node-rs/argon2 is faster and how much, so that users are not mislead into expecting different results should they migrate.

I could not reproduce the installation size either, for node-argon2 that may be because it was changed after the README was written, but I couldn't reproduce either the installation size for @node-rs/argon2:

In a new folder, with an empty project initialized with yarn init -y and after running yarn add @node-rs/argon2

1.37 MB (1,368,064 bytes)

In a new folder, with an empty project initialized with yarn init -y and after running yarn add argon2

1.45 MB (1,454,080 bytes)

That again may be unrealistic if you consider node-argon2 ships all binaries and @node-rs/argon2 selects according to the OS and CPU, so a project that requires cross-architecture support (i.e. an Electron app that supports ARM and x86) will have a higher install size for @node-rs/argon2. In any case, I don't get how the mentioned sizes were measured and I can't get even close to that.

I hope you can clarify my doubts, let me know if I also left something unclear in the text. Thanks in advance!
@aleclarson
Copy link

Solid post that deserves a reply.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aleclarson @ranisalt