package: rm buffer as dependency

[dcousens]

@dominictarr - we wouldn't list it here would we? or? We don't want to import https://github.com/feross/buffer/ unnecessarily

[dominictarr]

Oh, I think that was just so we could test the perf of the js stack in node without starting a browser. It shouldn't make a difference in practice, because if you require this from node you'll get crypto but leaving this in means you'll get exactly the same code when you run the tests.

Is there a better reason than that to merge?

[dcousens]

You're thinking of the devDependencies, this is in dependency, an artifact from https://github.com/crypto-browserify/sha.js/pull/41 and I'm just fixing it, but asking.

[dominictarr]

sure, but why would you run crypto-browserify in node except during dev? all other times, you should just get crypto and use the core buffer module.

[dcousens]

@dominictarr we used sha.js recently to test mid-state injection for a performance example, and I certainly didn't want to make it any slower than necessary. But maybe that is a strange use case.

[dominictarr]

@dcousens I think the browserify buffer is actually not slower. I think I heard somewhere that changes in v8 at some point meant that they had to use TypedArrays in node Buffers anyway, so it's more or less the same.

[dominictarr]

A performance difference is also something we can easily measure!

[dominictarr]

crypto-bench results for current master branch

run (N), input-size (bytes), ops (bytes/ms), time (ms)
0, 1, 39.67, 0.025207965717166624
4, 2, 102.94, 0.019428793471925394
6, 3, 164.31, 0.018258170531312762
7, 4, 223.4, 0.017905102954341987
8, 5, 282.05, 0.01772735330615139
9, 6, 314.94, 0.019051247856734618
10, 7, 402.15, 0.017406440382941687
11, 9, 521.28, 0.017265193370165747
12, 11, 630.96, 0.017433751743375175
13, 13, 739.83, 0.017571604287471447
14, 16, 884.96, 0.01807991321641656
15, 20, 1129.6, 0.017705382436260624
16, 25, 1372.5, 0.018214936247723135
17, 30, 1653.9, 0.018138944313440958
18, 37, 2015.39, 0.018358729575913346
19, 45, 2599.65, 0.017310022503029255
20, 56, 2703.68, 0.020712510356255178
21, 68, 3375.52, 0.020145044319097503
22, 84, 4135.32, 0.020312817387771683
23, 102, 5102.04, 0.019992003198720514
24, 125, 5535, 0.022583559168925023
25, 153, 6865.11, 0.022286605749944285
26, 188, 7689.2, 0.02444987775061125
27, 230, 9374.8, 0.02453385672227674
28, 281, 10425.1, 0.026954177897574125
29, 344, 12029.68, 0.028595939376608523
30, 421, 11931.14, 0.035285815102328866
31, 515, 14620.85, 0.03522367030644593
32, 630, 17016.3, 0.037023324694557574
33, 771, 17501.7, 0.04405286343612335
34, 944, 19134.88, 0.0493339911198816
35, 1154, 20633.52, 0.05592841163310962
36, 1412, 21942.48, 0.06435006435006435
37, 1727, 22692.78, 0.076103500761035
38, 2113, 24024.81, 0.08795074758135445
39, 2585, 24919.4, 0.1037344398340249
40, 3162, 25770.3, 0.12269938650306748
41, 3868, 26457.12, 0.14619883040935672
42, 4731, 26730.15, 0.17699115044247787
43, 5787, 27141.03, 0.21321961620469082
44, 7079, 27820.47, 0.2544529262086514
45, 8659, 28314.93, 0.3058103975535168
46, 10592, 28492.48, 0.37174721189591076
47, 12956, 28891.88, 0.4484304932735426
48, 15848, 29001.84, 0.546448087431694
49, 19386, 29079, 0.6666666666666666
50, 23713, 28929.86, 0.819672131147541
51, 29006, 29586.12, 0.9803921568627451
52, 35481, 29157.653465346535, 1.216867469879518
53, 43401, 29946.69, 1.4492753623188406
54, 53088, 29960.554455445545, 1.7719298245614035
55, 64938, 29871.48, 2.1739130434782608
56, 79432, 29885.30693069307, 2.6578947368421053
57, 97162, 29822, 3.2580645161290325
58, 118850, 30000.97087378641, 3.9615384615384617
59, 145378, 29640.174757281555, 4.904761904761905
60, 177827, 29931.27722772277, 5.9411764705882355
61, 217520, 29281.53846153846, 7.428571428571429
62, 266072, 28694.039215686276, 9.272727272727273
63, 325461, 30135.277777777777, 10.8
64, 398107, 30331.961904761905, 13.125
65, 486967, 30435.4375, 16
66, 595662, 29783.1, 20
67, 728618, 29861.39344262295, 24.4
68, 891250, 30211.86440677966, 29.5
69, 1090184, 27953.4358974359, 39
70, 1333521, 29854.94776119403, 44.666666666666664
71, 1631172, 29929.761467889908, 54.5
72, 1995262, 30003.93984962406, 66.5
73, 2440619, 29405.048192771083, 83
74, 2985382, 29268.450980392157, 102
75, 3651741, 24841.775510204083, 147
76, 4466835, 27403.895705521474, 163
77, 5463865, 30187.09944751381, 181
78, 6683439, 27964.179916317993, 239
79, 8175230, 29836.605839416057, 274
80, 10000000, 29411.764705882353, 340

and this branch:

run (N), input-size (bytes), ops (bytes/ms), time (ms)
0, 1, 69.23, 0.01444460494005489
4, 2, 185.36, 0.01078981441519206
6, 3, 309.42, 0.00969555943377933
7, 4, 406.3921568627451, 0.009842709640065618
8, 5, 561.9, 0.008898380494749955
9, 6, 676.62, 0.008867606632969762
10, 7, 796.46, 0.008788890841975743
11, 9, 1024.2, 0.008787346221441126
12, 11, 1251.69, 0.008788118463836892
13, 13, 1473.81, 0.008820675663755844
14, 16, 1819.36, 0.00879430129276229
15, 20, 2267.4, 0.008820675663755844
16, 25, 2710.25, 0.00922424130615257
17, 30, 3156.6, 0.009503896597605019
18, 37, 3869.83, 0.009561143512764127
19, 45, 4978.8, 0.009038322487346349
20, 56, 4903.92, 0.011419435879867535
21, 68, 5696.36, 0.011937447773665991
22, 84, 7407.96, 0.011339154099104206
23, 102, 8695.5, 0.011730205278592375
24, 125, 9408.75, 0.013285505513484789
25, 153, 10872.18, 0.014072614691809739
26, 188, 12193.68, 0.015417823003391921
27, 230, 14496.9, 0.015865460891638903
28, 281, 13198.57, 0.021290185224611454
29, 344, 17251.6, 0.019940179461615155
30, 421, 19222.86, 0.021901007446342532
31, 515, 19642.1, 0.026219192448872573
32, 630, 22257.9, 0.028304557033682422
33, 771, 22343.58, 0.03450655624568668
34, 944, 24015.36, 0.03930817610062893
35, 1154, 24395.56, 0.04730368968779565
36, 1412, 25486.6, 0.055401662049861494
37, 1727, 25663.22, 0.06729475100942127
38, 2113, 26835.1, 0.07874015748031496
39, 2585, 27426.85, 0.0942507068803016
40, 3162, 28015.32, 0.11286681715575621
41, 3868, 28468.48, 0.1358695652173913
42, 4731, 28575.24, 0.16556291390728478
43, 5787, 28645.65, 0.20202020202020202
44, 7079, 29236.27, 0.24213075060532688
45, 8659, 29354.01, 0.2949852507374631
46, 10592, 29551.68, 0.35842293906810035
47, 12956, 29669.24, 0.4366812227074236
48, 15848, 29794.24, 0.5319148936170213
49, 19386, 29854.44, 0.6493506493506493
50, 23713, 29878.38, 0.7936507936507936
51, 29006, 30166.24, 0.9615384615384616
52, 35481, 29804.04, 1.1904761904761905
53, 43401, 28790.762376237624, 1.507462686567164
54, 53088, 29960.554455445545, 1.7719298245614035
55, 64938, 30218.673267326732, 2.148936170212766
56, 79432, 30184.16, 2.6315789473684212
57, 97162, 30120.22, 3.225806451612903
58, 118850, 30295.098039215685, 3.923076923076923
59, 145378, 29930.764705882353, 4.857142857142857
60, 177827, 30484.628571428573, 5.833333333333333
61, 217520, 30151.287128712873, 7.214285714285714
62, 266072, 28415.456310679612, 9.363636363636363
63, 325461, 30135.277777777777, 10.8
64, 398107, 30331.961904761905, 13.125
65, 486967, 30435.4375, 16
66, 595662, 30546.76923076923, 19.5
67, 728618, 30359.083333333332, 24
68, 891250, 30211.86440677966, 29.5
69, 1090184, 30282.88888888889, 36
70, 1333521, 30079.42105263158, 44.333333333333336
71, 1631172, 30489.196261682242, 53.5
72, 1995262, 30462.01526717557, 65.5
73, 2440619, 30318.24844720497, 80.5
74, 2985382, 30308.446700507615, 98.5
75, 3651741, 30431.175, 120
76, 4466835, 29978.758389261744, 149
77, 5463865, 30354.805555555555, 180
78, 6683439, 30105.58108108108, 222
79, 8175230, 30278.62962962963, 270
80, 10000000, 30211.480362537764, 331

it's only 30k/s vs 29.4k that is only 2%, probably not statistically significant. btw, there is a syntax error in package.json

I think we should leave it as is, running the test on the same code as the browser is more valuable than 2% perf difference that is rarely if ever actually used.

[dominictarr]

oh hang on, with smaller inputs (near the start of the output) the difference is much bigger, prehaps because of the cost of allocating typed arrays? (which are zeroed?)

[dcousens]

Interesting!

Certainly I think I agree we could leave Buffer in the package.json, as I can't think of any reasonable scenario where this wouldn't be used only in the browser anyway.

This situation is not true of https://github.com/crypto-browserify/pbkdf2 for example, so I do wonder what might be the best path going forward in terms of applying these changes to other projects in https://github.com/crypto-browserify.

[dcousens]

I do also worry that locking down the Buffer version could lead to eventual widespread package duplication of Buffer in bundling, but, I guess that is simply a reality of SEMVER.

[dcousens]

Closing in favour of https://github.com/crypto-browserify/sha.js/pull/45