[英]Is my Bcrypt taking too long to execute on my server?
I'm running a server with php version 5.3, using VPS hosting - the server specs are 1.98 GHz with 1344 MB of ram - and I've tried two different Bcrypt functions, both of which take about 15 seconds, irrespective of the number of rounds (I've tried anywhere between 4 and 16, and they all take around 15 seconds).我正在使用 php 版本 5.3 运行服务器,使用 VPS 托管 - 服务器规格为 1.98 GHz,内存为 1344 MB - 我尝试了两种不同的 Bcrypt 函数,这两种函数都需要大约 15 秒,无论数量多少轮(我尝试了 4 到 16 轮,它们都需要大约 15 秒)。
Is this correct?这样对吗? And if not, how long should it take on average, say, with 12 rounds?
如果不是,那么平均需要多长时间,比如 12 轮?
The class I'm using right now is this:我现在使用的课程是这样的:
<?
class Bcrypt {
private $rounds;
public function __construct($rounds = 11) {
if(CRYPT_BLOWFISH != 1) {
throw new Exception("bcrypt not supported in this installation. See http://php.net/crypt");
}
$this->rounds = $rounds;
}
public function hash($input) {
$hash = crypt($input, $this->getSalt());
if(strlen($hash) > 13)
return $hash;
return false;
}
public function verify($input, $existingHash) {
$hash = crypt($input, $existingHash);
return $hash === $existingHash;
}
private function getSalt() {
$salt = sprintf('$2a$%02d$', $this->rounds);
$bytes = $this->getRandomBytes(16);
$salt .= $this->encodeBytes($bytes);
return $salt;
}
private $randomState;
private function getRandomBytes($count) {
$bytes = '';
if(function_exists('openssl_random_pseudo_bytes') &&
(strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { // OpenSSL slow on Win
$bytes = openssl_random_pseudo_bytes($count);
}
if($bytes === '' && is_readable('/dev/urandom') &&
($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE) {
$bytes = fread($hRand, $count);
fclose($hRand);
}
if(strlen($bytes) < $count) {
$bytes = '';
if($this->randomState === null) {
$this->randomState = microtime();
if(function_exists('getmypid')) {
$this->randomState .= getmypid();
}
}
for($i = 0; $i < $count; $i += 16) {
$this->randomState = md5(microtime() . $this->randomState);
if (PHP_VERSION >= '5') {
$bytes .= md5($this->randomState, true);
} else {
$bytes .= pack('H*', md5($this->randomState));
}
}
$bytes = substr($bytes, 0, $count);
}
return $bytes;
}
private function encodeBytes($input) {
// The following is code from the PHP Password Hashing Framework
$itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$output = '';
$i = 0;
do {
$c1 = ord($input[$i++]);
$output .= $itoa64[$c1 >> 2];
$c1 = ($c1 & 0x03) << 4;
if ($i >= 16) {
$output .= $itoa64[$c1];
break;
}
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 4;
$output .= $itoa64[$c1];
$c1 = ($c2 & 0x0f) << 2;
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 6;
$output .= $itoa64[$c1];
$output .= $itoa64[$c2 & 0x3f];
} while (1);
return $output;
}
}
// How to use the above
/*
$bcrypt = new Bcrypt(15);
$hash = $bcrypt->hash("password");
$isGood = $bcrypt->verify('password', $hash);
*/
BCrypt is taking too long. BCrypt 花费的时间太长。
And you want to select your cost
parameter so that it take around ~250 ms.并且您想选择
cost
参数,使其花费大约 250 毫秒。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.