Bcrypt takes a lot of time in go?
Question
I have used the bcrypt package with Go gin. The weird thing is that when I bcrypt any password, the response takes about 500ms to 900ms.
The code:
package main

import (
	"github.com/gin-gonic/gin"
	"golang.org/x/crypto/bcrypt"
)

type User struct {
	ID       uint
	Name     string
	Email    string
	Password []byte
}

// HashPassword stores the bcrypt hash of password (cost 12) on the user.
func (user *User) HashPassword(password []byte) error {
	hashedPassword, err := bcrypt.GenerateFromPassword(password, 12)
	if err != nil {
		return err
	}
	user.Password = hashedPassword
	return nil
}

func main() {
	r := gin.Default()
	r.GET("/user", func(c *gin.Context) {
		user := User{
			Name:     "test",
			Email:    "test@gmail.com",
			Password: []byte("password"),
		}
		// Hash on every request; a hashing error is reported as HTTP 500.
		if err := user.HashPassword(user.Password); err != nil {
			c.JSON(500, gin.H{"message": "hashing failed"})
			return
		}
		c.JSON(200, gin.H{
			"message": "done",
		})
	})
	r.Run(":5050")
}
I benchmarked from Postman: status: 200 OK, Time: 800ms.
Why does this package take this much time?!
Answer 1
Score: 8
The whole purpose of a key derivation function such as BCrypt is to be computationally expensive, in order to make brute-forcing impractical.
But the cost factor of 12 is too high. You should reduce it to 10 or 8.
bcrypt.GenerateFromPassword(password, 10) // 10 is the default cost
Here's a demo timing test with different BCrypt cost factors:
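package main

import (
	"fmt"
	"time"

	"golang.org/x/crypto/bcrypt"
)

// test times a single bcrypt hash at the given cost factor.
func test(cost int) {
	t1 := time.Now()
	_, _ = bcrypt.GenerateFromPassword([]byte("test pass"), cost)
	t2 := time.Now()
	fmt.Println(cost, ": ", t2.Sub(t1))
}

func main() {
	for i := 4; i < 15; i++ {
		test(i)
	}
}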
Output:
4 : 2.2077ms
5 : 3.404ms
6 : 6.8319ms
7 : 14.732ms
8 : 23.4149ms
9 : 46.2739ms
10 : 98.964ms
11 : 187.7988ms
12 : 371.6627ms
13 : 754.1349ms
14 : 1.5391565s
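The timings above roughly double with each cost step because bcrypt's key setup runs 2^cost rounds. The following is an added example, not code from either answer: it reads the cost out of a stored hash string, flags hashes below a target cost for re-hashing at the next successful login, and scales a measured timing to another cost on the same machine. The function names and the sample hash are constructed for illustration, and only the standard library is used.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// ParseCost reads the cost from a bcrypt hash string laid out as
// $2a$<2-digit cost>$<22-char salt><31-char digest> (60 characters).
func ParseCost(hash string) (int, error) {
	p := strings.Split(hash, "$")
	if len(hash) != 60 || len(p) != 4 || p[0] != "" || len(p[2]) != 2 {
		return 0, fmt.Errorf("not a bcrypt hash")
	}
	if p[1] != "2a" && p[1] != "2b" && p[1] != "2y" {
		return 0, fmt.Errorf("unknown bcrypt version %q", p[1])
	}
	cost, err := strconv.ParseUint(p[2], 10, 8) // rejects signs such as "+4"
	if err != nil || cost < 4 || cost > 31 {
		return 0, fmt.Errorf("invalid cost %q", p[2])
	}
	return int(cost), nil
}

// EstimateDuration scales a timing measured at fromCost to toCost.
// Each cost step doubles the work, so the estimate shifts by the difference.
func EstimateDuration(measured time.Duration, fromCost, toCost int) time.Duration {
	if toCost >= fromCost {
		return measured << uint(toCost-fromCost)
	}
	return measured >> uint(fromCost-toCost)
}

// NeedsRehash reports whether a stored hash is below the target cost and
// should be replaced after the next successful login.
func NeedsRehash(hash string, target int) (bool, error) {
	cost, err := ParseCost(hash)
	return err == nil && cost < target, err
}

func main() {
	// Constructed sample: valid layout only, not the hash of a real password.
	sample := "$2a$08$" + strings.Repeat("A", 53)
	stale, err := NeedsRehash(sample, 10)
	fmt.Println(stale, err)
	fmt.Println(EstimateDuration(98964*time.Microsecond, 10, 12)) // cost-10 timing from the output above
}
```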
Answer 2
Score: 7
The objective of bcrypt is to perform hashes that are long to compute and thus hard to break by brute force. This low performance is actually a feature.