Zeta

If the server operator is evil and sees the md5 hashes, they can still crack the password. Keeping the md5 hash on the client side has zero security benefit. It...

Having looked into it a little more, it looks like "password shucking" attacks would also work for argon2id+md5 (the usual example given is bcrypt+md5, but the attack doesn't depend on...

The issue is probably the lack of `hl_blocking` calls in `hl_semaphore_acquire` (and also `hl_condition_acquire` and `hl_condition_wait`).

It works, as long as you don't try to access the contents of the native array. The type being read is determined at the site of array access, so doing...

Access violation is the Windows equivalent of a segfault, looks like HL turns those into real exceptions somehow.

Testing locally on my Linux machine gives ``` SIGNAL 11 _Test2.$Test2_Fields_.main(Test2.hx:4) .init(?:1) fish: Job 1, 'hl out.hl' terminated by signal SIGSEGV (Address boundary error) ``` HL catches the segfault too...

I think catching this in the generator would require inserting extra type checking during the typed expr -> bytecode phase in every place where there is a potential type "conversion"....

What about checking on array access/allocation instead, at that point the generator should be able to determine whether the element type is a type parameter. https://github.com/HaxeFoundation/haxe/blob/72175301c3dbd3eaa70f3479e6e46cb620242eef/src/generators/genhl.ml#L2001-L2031 The example with `trace(x)`...

> but real support for Int64 ( replacing abstract class with the native for the target) will give better performace and will lead to more clean code That already happen...

> You correctly point that that there's a problem with `PosInfos` handling vs. rest arguments, but then your design doesn't explain how to actually resolve that in the context of...