Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL::PKCS5.pbkdf2_hmac_sha1 slowness #1073

Closed
mauricioszabo opened this issue Oct 2, 2013 · 7 comments
Closed

OpenSSL::PKCS5.pbkdf2_hmac_sha1 slowness #1073

mauricioszabo opened this issue Oct 2, 2013 · 7 comments
Labels
openssl
Milestone
Non-Release

Comments

@mauricioszabo
Copy link

OpenSSL::PKCS5.pbkdf2_hmac_sha1 is about 10x slower than Ruby 1.9's version:

# On Ruby 1.9.3:
[4] pry(main)> Benchmark.bmbm { |x| 
  x.report { 
    OpenSSL::PKCS5.pbkdf2_hmac_sha1("Foo", "Bar", 2000, 1024) 
  }
}
Rehearsal ------------------------------------
   0.140000   0.000000   0.140000 (  0.133370)
--------------------------- total: 0.140000sec

       user     system      total        real
   0.130000   0.000000   0.130000 (  0.130077)

# On JRuby 1.7.4:
[4] pry(main)> Benchmark.bmbm { |x| 
  x.report { 
    OpenSSL::PKCS5.pbkdf2_hmac_sha1("Foo", "Bar", 2000, 1024) 
  }
}
Rehearsal ------------------------------------
   2.200000   0.000000   2.200000 (  1.922000)
--------------------------- total: 2.200000sec

       user     system      total        real
   2.040000   0.000000   2.040000 (  1.837000)
@headius
Copy link
Member

headius commented Oct 9, 2013

A quick profile shows this is a performance issue in krypt. JRuby uses krypt to implement pkcs5:

    total        self    children       calls  method
----------------------------------------------------------------
     39.16        0.01       39.15         321  Krypt::PBKDF2#f
     38.22        0.00       38.22           8  Benchmark.bmbm
     38.21        0.00       38.21          14  Benchmark.measure
     38.21       -0.00       38.21           7  OpenSSL::PKCS5.pbkdf2_hmac_sha1
     38.20        0.00       38.20     1922440  Kernel.tap
     38.20        0.00       38.20           7  Krypt::PBKDF2#generate
     38.20       -0.96       39.16         328  Integer#upto
     31.97        0.36       31.62      640675  Krypt::HMAC.digest
     20.47        0.70       19.76     1281348  Krypt::HMAC#hash_pad
     20.29        0.34       19.95     1922656  Class#new_proxy
     20.19        0.04       20.15         231  Array#each
     19.79        0.30       19.49      640675  Krypt::HMAC#initialize
     19.63        0.00       19.63           4  Enumerable.inject
     18.60        0.01       18.59          98  Array#map
     18.16       12.58        5.58     1281374  String#each_byte
     11.31        0.41       10.90      640674  Krypt::HMAC#digest
      9.10        0.64        8.45      640674  Krypt::HMAC#process_key
      8.36        8.36        0.00   121088821  String#<<
      7.83        5.06        2.77      640670  Fixnum#times
      6.76        0.33        6.43      640678  Krypt::Helper::XOR.xor!

We probably should raise this with the krypt folks like @emboss, @abstractj, and @vipulnsward. It appears that pbkdf2 is implemented in pure Ruby, so there's room to improve.

@vipulnsward vipulnsward mentioned this issue Oct 9, 2013
Open
@vipulnsward
Copy link
Contributor

@mauricioszabo @headius Started tracking at krypt/krypt#40

@nobuf
Copy link

nobuf commented Jan 15, 2014

+1

@headius
Copy link
Member

headius commented Jan 17, 2014

krypt master seems to be significantly faster already, so maybe we just need a release + incorporation into JRuby.

krypt/krypt#40 (comment)

@abstractj
Copy link

Hi guys, I've already did the codebase synchronization (krypt/krypt#43) and I'm testing atm against JRuby 1.7 branch. I'm also coordinating Krypt 0.0.2 release on the next (17/02) Monday, @vipulnsward will help double checking that PR

In addition, after Krypt release I think we can remove this folder https://github.com/jruby/jruby/tree/jruby-1_7/lib/ruby/shared/krypt and add the released gem as dependency. Am I wrong?

Let me know if the date doesn't work for you.

@tthef
Copy link

tthef commented Oct 14, 2014

This performance issue is still present in JRuby 1.7.16.

@kares
Copy link
Member

kares commented Mar 20, 2015

since jruby-openssl 0.9.6 OpenSSL::PKCS5 is implemented natively (without krypt being involved), please gem install jruby-openssl on any JRuby (make sure you're no hitting the unable to override default gems issue which was present in some JRuby version < 1.7.18) - "out-of-the-box" fixed since JRuby 1.7.20

@kares kares closed this as completed Mar 20, 2015
@enebo enebo added this to the Non-Release milestone Apr 28, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
openssl
Projects
None yet
Milestone
Non-Release
Development

No branches or pull requests
8 participants
@headius @enebo @abstractj @kares @mauricioszabo @nobuf @vipulnsward @tthef