I know that it's been a long time since this question was asked, but I'm still interested in the answer.
The fact that these two lines produce different answers is surprising: $ node -e 'var crypto = require("crypto"); var h = crypto.createHash("sha1"); h.update("b\u1234"); console.log(h.digest("base64"));' psoXs3ctjMiPHg4ZAx773K5mtdI= $ node -e 'var crypto = require("crypto"); var h = crypto.createHash("sha1"); h.update(new Buffer("b\u1234")); console.log(h.digest("base64"));' GhnU4aaaonx7JIHaRNhySj4LUQM= Most other implicit conversions of strings use 'utf8'. The situation with output is more of a concern. Most other features that take optional encoding provide a Buffer when no value is provided (see http.js). The performance cost of Buffer -> string -> Buffer is probably ~0 for 'binary', but that is just odd. I don't have an answer that doesn't break backward compatibility, but the current situation is not ideal. --Martin On Friday, 18 March 2011 08:53:10 UTC-7, Trevor Burnham wrote: > > I'm confused about the state of 'binary' encoding. For some time now, > its description in the Buffers section of the docs has read: > > > This encoding method is depreciated and should be avoided in favor of > Buffer objects where possible. This encoding will be removed in future > versions of Node. > > Meanwhile, in methods like `cipher.update`, 'binary' is the default > encoding for both input and output, and the function returns a string > (making it impossible to use a buffer directly). So what am I to make > of this? Should I be using a different encoding for encryption, or > not? > > Someone posted essentially this same question 9 months ago but got no > response: > http://groups.google.com/group/nodejs/browse_thread/thread/272b39e41292617a/ > > Apparently the crypto module is slated to be spun off into a separate > project (http://nodejs.debuggable.com/2011-01-26.txt); and there are > known bugs involving the base64 encoding (https://github.com/joyent/ > node/issues/738/ <https://github.com/joyent/node/issues/738/>). All of > this makes me nervous about relying on > `crypto` in general, even though it's intended as a fairly thin > wrapper around `openssl`. What should I do? -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to nodejs@googlegroups.com To unsubscribe from this group, send email to nodejs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en