I'm using jbcrypt to hash passwords in a project. Performance is about 500 ms when validating passwords on the hardware I am using (log_rounds set to 12). However, after a while with regular use the performance time suddenly drops to a whopping 15 seconds. The drop is very sudden with no buildup and stays constant until the process is restarted.
Profiling shows that the extra time is used in the key(..) method.
Source: http://jbcrypt.googlecode.com/svn/tags/jbcrypt-0.3m/src/main/java/org/mindrot/jbcrypt/BCrypt.java
This method only calculates the hash using basic functions like xor, and, shift etc. There is no object assignments, usage of external resources, random number generation etc.
Performance does not drop for other functionality in the same process. Memory allocation is stable and low. Full GC is not involved.
Has anyone seen this before or any clue to why this happens? I could understand a variable performance that to some degree was dependent on other circumstances, but this is a very sudden and stable drop from about 500ms. to about 15000 ms.
It's possible that SecureRandom is running out of entropy and causing this issue.
See How to solve performance problem with Java SecureRandom?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With