Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Devise "stretches" benchmarked.
require "bcrypt"
require "benchmark"
password = "My_Rea11y-B1G_S3cr3t"
salt = "2d3ec54c5fa27b9e9d8a3e7f1ed9f7f7c4b1c7e2f7da5c"
stretches = [1, 2, 3, 4, 5, 6, 7 ,8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20]
stretches.each do |cost|
puts "\n\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
puts "Cost = #{cost}"
Benchmark.bm do |x|
x.report { BCrypt::Password.create("#{password}#{salt}", cost: cost) }
end
puts "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
end
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 1
user system total real
0.000000 0.000000 0.000000 ( 0.001756)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 2
user system total real
0.000000 0.000000 0.000000 ( 0.001400)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 3
user system total real
0.000000 0.000000 0.000000 ( 0.001419)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 4
user system total real
0.000000 0.000000 0.000000 ( 0.001374)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 5
user system total real
0.010000 0.000000 0.010000 ( 0.002582)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 6
user system total real
0.000000 0.000000 0.000000 ( 0.005003)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 7
user system total real
0.010000 0.000000 0.010000 ( 0.009416)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 8
user system total real
0.020000 0.000000 0.020000 ( 0.019601)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 9
user system total real
0.040000 0.000000 0.040000 ( 0.038435)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 10
user system total real
0.080000 0.000000 0.080000 ( 0.077078)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 11
user system total real
0.140000 0.000000 0.140000 ( 0.148893)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 12
user system total real
0.290000 0.000000 0.290000 ( 0.300188)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 13
user system total real
0.600000 0.010000 0.610000 ( 0.595935)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 14
user system total real
1.170000 0.000000 1.170000 ( 1.180438)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 15
user system total real
2.410000 0.000000 2.410000 ( 2.425731)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 16
user system total real
4.790000 0.020000 4.810000 ( 4.812291)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 17
user system total real
9.580000 0.020000 9.600000 ( 9.632311)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 18
user system total real
18.900000 0.040000 18.940000 ( 19.003905)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 19
user system total real
37.570000 0.070000 37.640000 ( 37.741278)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cost = 20
user system total real
75.240000 0.160000 75.400000 ( 75.591003)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
@gavinlaking

This comment has been minimized.

Copy link
Owner Author

@gavinlaking gavinlaking commented Jul 10, 2013

Changing the number of stretches does alter the string that is emitted from BCrypt::Password, however, if you compare this string to the original password (by using BCrypt::Password.new(encrypted_string) == "your_password") they will decrypt correctly.

In this Ruby implementation, the number of stretches appears to be 'encoded' into the encrypted string: (Note: $17, $18)

Cost = 17
$2a$17$cPk5DRDHCmAmM9DsJI1iCOYE.ZYC.vdqxMXERHDSot9GUC425UUQS

Cost = 18
$2a$18$Uyac4vhmgxNpDYWPXZg47.VX.0Ai5Ajlv3Nf1NkeyDSy7GYygp70C
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment