emn178 / js-sha3

A simple SHA-3 / Keccak hash function for JavaScript supports UTF-8 encoding.
MIT License

Suppressing invalid usage is bad design #14

Closed rijnhard closed 6 years ago

rijnhard commented 6 years ago

So take the following misconception: looking at the docs you could easily draw the wrong conclusion that you can instantiate an algorithm and then simply update and reuse it. Being "smart" devs this looks like a good idea as it presumably increases performance.

But that isn't true, here's what happens:

```javascript
import { shake128 } from 'js-sha3';

const shake = shake128.create(64); // trying to be smart cookie

shake.update('t1');
console.info(shake.hex()); // prints a82b7e93c21689d6
shake.update('t2'); // this should error as it's finalized already
console.info(shake.hex());  // prints a82b7e93c21689d6
```

In this case, calling update on a finalized hasher is invalid, but since it doesn't error you aren't aware that your usage is invalid, which can lead to some nasty bugs in userland.

rijnhard commented 6 years ago

Unless of course you should be able to create and carry on reusing one instance, in which case finalizing should not be implemented for shake/cshake based functions (including kmac etc).

emn178 commented 6 years ago

It has to finalize before the result returns. Node crypto also does this. You're right. I should throw an error when you try to update again after finalizing. I will add this feature.

emn178 commented 6 years ago

v0.8.0 will throw an error
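Code that may still run against a hasher that silently accepts `update()` after finalizing, as reported above, can enforce the error itself with a guard. The following is an added example, not part of the thread and not js-sha3 code: `createSilentHasher` is a constructed stand-in that reproduces the silent behaviour with a toy checksum, and `guardFinalized` and `hashEach` are hypothetical helper names.

```javascript
// Constructed stand-in: mimics a hasher that silently drops update() after
// output has been produced. The checksum is toy FNV-1a, NOT a real hash.
function createSilentHasher() {
  let data = '';
  let finalized = false;
  return {
    update(msg) {
      if (!finalized) data += msg; // the silent no-op reported in the issue
      return this;
    },
    hex() {
      finalized = true;
      let h = 0x811c9dc5;
      for (const ch of data) h = Math.imul(h ^ ch.codePointAt(0), 0x01000193) >>> 0;
      return h.toString(16).padStart(8, '0');
    },
  };
}

// Hypothetical helper: wrap a hasher so update() after any output call throws.
// outputMethods lists the wrapped object's finalizing methods (only hex()
// appears in the issue; pass others if your hasher has them).
function guardFinalized(hasher, outputMethods = ['hex']) {
  let finalized = false;
  const proxy = new Proxy(hasher, {
    get(target, prop) {
      const value = target[prop];
      if (typeof value !== 'function') return value;
      return (...args) => {
        if (prop === 'update' && finalized) {
          throw new Error('update() on a finalized hasher; create a new instance');
        }
        if (outputMethods.includes(prop)) finalized = true;
        const result = value.apply(target, args);
        return result === target ? proxy : result; // keep chained calls guarded
      };
    },
  });
  return proxy;
}

// Hypothetical helper: the safe pattern, one fresh instance per message.
function hashEach(create, messages) {
  return messages.map((m) => guardFinalized(create()).update(m).hex());
}
```

With a real library, pass its factory in place of the stand-in, for example `hashEach(() => shake128.create(64), messages)`.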