25.02.2013, 18:28
(Last edited by Johnson_boy; 26/02/2013 at 07:01 AM.)
I think I have at least some clue what I'm talking about.
It's great to have a slow hash when it comes to security, you're absolutely right. But the impact on the server performance is far from acceptable levels in my opinion.
I ran a test where I had a function called every 50 milliseconds, printing the value of the GetTickCount function. I added another timer, repeated every second, hashing the password 65536 times like instructed in this tutorial. Then I drew a figure illustrating the time taken between calls to the 50 ms timer called func().
It is clear that func() has to wait 300 ms extra every time a password is hashed.
Here's the code used for the test:
pawn Code:
#include <a_samp>

// Whirlpool hash native (supplied by a plugin)
native WP_Hash(buffer[], len, const str[]);

forward func();
forward hash();

main()
{
    SetTimer("func", 50, true);    // print the tick count every 50 ms
    SetTimer("hash", 1000, true);  // hash the password once per second
    return 1;
}

public func()
    printf("%d", GetTickCount());

public hash()
{
    new buffer[129], password[] = "password123";

    // One initial hash plus 65535 re-hashes: 65536 calls in total
    WP_Hash(buffer, 129, password);
    for(new i = 0; i != 65535; i++)
    {
        WP_Hash(buffer, 129, buffer);
    }
}
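Added example, not part of the post above or of the tutorial's code: one way to keep the 65536-round stretch while bounding the stall it causes on a single-threaded loop is to split the rounds into slices and run one slice per timer tick. It is written in Python with SHA-512 standing in for Whirlpool/`WP_Hash`; the function names and the 4096-round slice size are assumptions chosen for illustration.

```python
import hashlib
import time

ROUNDS = 65536  # total hash calls, as in the post: 1 initial + 65535 re-hashes

def _h(text):
    # Stand-in for WP_Hash (assumption): SHA-512, upper-case hex output that is
    # fed back in as the next input, like the post's buffer.
    return hashlib.sha512(text.encode("ascii")).hexdigest().upper()

def stretch_blocking(password, rounds=ROUNDS):
    """All rounds in one call: the caller stalls for the whole duration."""
    buf = _h(password)
    for _ in range(rounds - 1):
        buf = _h(buf)
    return buf

def stretch_sliced(password, rounds=ROUNDS, per_slice=4096):
    """Generator: at most per_slice re-hashes per step, yielding None between
    steps so the caller's loop can do other work; yields the digest last."""
    buf, done = _h(password), 1
    while done < rounds:
        step = min(per_slice, rounds - done)
        for _ in range(step):
            buf = _h(buf)
        done += step
        if done < rounds:
            yield None
    yield buf

def run_sliced(password, per_slice=4096):
    """Drive the generator the way a repeating timer would.
    Returns (digest, slice_count, worst_slice_seconds)."""
    job = stretch_sliced(password, ROUNDS, per_slice)
    digest, slices, worst = None, 0, 0.0
    while digest is None:
        t0 = time.perf_counter()
        digest = next(job)          # one timer tick's worth of hashing
        worst = max(worst, time.perf_counter() - t0)
        slices += 1
    return digest, slices, worst

if __name__ == "__main__":
    t0 = time.perf_counter()
    ref = stretch_blocking("password123")
    print("blocking: %.1f ms" % ((time.perf_counter() - t0) * 1e3))
    digest, n, worst = run_sliced("password123")
    print("sliced: %d slices, worst %.1f ms" % (n, worst * 1e3), digest == ref)
```

The stored digest is identical either way, so the cost to an offline guesser is unchanged; only the longest single pause seen by the rest of the loop shrinks, at the price of the login taking several ticks to complete.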