Created
July 3, 2013 20:24
-
-
Save gavinlaking/5922472 to your computer and use it in GitHub Desktop.
Devise "stretches" benchmarked.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require "bcrypt" | |
| require "benchmark" | |
| password = "My_Rea11y-B1G_S3cr3t" | |
| salt = "2d3ec54c5fa27b9e9d8a3e7f1ed9f7f7c4b1c7e2f7da5c" | |
| stretches = [1, 2, 3, 4, 5, 6, 7 ,8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20] | |
| stretches.each do |cost| | |
| puts "\n\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" | |
| puts "Cost = #{cost}" | |
| Benchmark.bm do |x| | |
| x.report { BCrypt::Password.create("#{password}#{salt}", cost: cost) } | |
| end | |
| puts "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" | |
| end | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 1 | |
| user system total real | |
| 0.000000 0.000000 0.000000 ( 0.001756) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 2 | |
| user system total real | |
| 0.000000 0.000000 0.000000 ( 0.001400) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 3 | |
| user system total real | |
| 0.000000 0.000000 0.000000 ( 0.001419) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 4 | |
| user system total real | |
| 0.000000 0.000000 0.000000 ( 0.001374) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 5 | |
| user system total real | |
| 0.010000 0.000000 0.010000 ( 0.002582) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 6 | |
| user system total real | |
| 0.000000 0.000000 0.000000 ( 0.005003) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 7 | |
| user system total real | |
| 0.010000 0.000000 0.010000 ( 0.009416) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 8 | |
| user system total real | |
| 0.020000 0.000000 0.020000 ( 0.019601) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 9 | |
| user system total real | |
| 0.040000 0.000000 0.040000 ( 0.038435) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 10 | |
| user system total real | |
| 0.080000 0.000000 0.080000 ( 0.077078) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 11 | |
| user system total real | |
| 0.140000 0.000000 0.140000 ( 0.148893) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 12 | |
| user system total real | |
| 0.290000 0.000000 0.290000 ( 0.300188) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 13 | |
| user system total real | |
| 0.600000 0.010000 0.610000 ( 0.595935) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 14 | |
| user system total real | |
| 1.170000 0.000000 1.170000 ( 1.180438) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 15 | |
| user system total real | |
| 2.410000 0.000000 2.410000 ( 2.425731) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 16 | |
| user system total real | |
| 4.790000 0.020000 4.810000 ( 4.812291) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 17 | |
| user system total real | |
| 9.580000 0.020000 9.600000 ( 9.632311) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 18 | |
| user system total real | |
| 18.900000 0.040000 18.940000 ( 19.003905) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 19 | |
| user system total real | |
| 37.570000 0.070000 37.640000 ( 37.741278) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | |
| Cost = 20 | |
| user system total real | |
| 75.240000 0.160000 75.400000 ( 75.591003) | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Changing the number of stretches does alter the string that is emitted from BCrypt::Password, however, if you compare this string to the original password (by using BCrypt::Password.new(encrypted_string) == "your_password") they will decrypt correctly.
In this Ruby implementation, the number of stretches appears to be 'encoded' into the encrypted string: (Note: $17, $18)