Skip to content

Instantly share code, notes, and snippets.

@kommendorkapten
Created September 4, 2023 13:16
Show Gist options
  • Save kommendorkapten/fceca17d9966da5e446ea23619180553 to your computer and use it in GitHub Desktop.
Save kommendorkapten/fceca17d9966da5e446ea23619180553 to your computer and use it in GitHub Desktop.
Bcrypt timing test
package main
import (
"fmt"
"time"
"golang.org/x/crypto/bcrypt"
)
var guesses = []string{
"4d457b76e5f6d0aef98d7afaf09654869b29cdfda8c673fb871a77d2e48ce945",
"7382dbaa5833d99439fb2f32f6eab080ad83011c5590d707c43b833fd5d5d111",
"b79192dd8faa68340a0081df567dfa7bddb8e6576461dbc0077ebbfc9db88e5f",
"094628eba62f1e625c473524f16a0f7c41c517a06dfb5e1d9fec29f8157f84b8",
"1d457b76e5f6d0aef98d7afaf09654869b29cdfda8c673fb871a77d2e48ce945",
"2382dbaa5833d99439fb2f32f6eab080ad83011c5590d707c43b833fd5d5d111",
"379192dd8faa68340a0081df567dfa7bddb8e6576461dbc0077ebbfc9db88e5f",
"494628eba62f1e625c473524f16a0f7c41c517a06dfb5e1d9fec29f8157f84b8",
"5d457b76e5f6d0aef98d7afaf09654869b29cdfda8c673fb871a77d2e48ce945",
"6382dbaa5833d99439fb2f32f6eab080ad83011c5590d707c43b833fd5d5d111",
"779192dd8faa68340a0081df567dfa7bddb8e6576461dbc0077ebbfc9db88e5f",
"894628eba62f1e625c473524f16a0f7c41c517a06dfb5e1d9fec29f8157f84b8",
"979192dd8faa68340a0081df567dfa7bddb8e6576461dbc0077ebbfc9db88e5f",
"094628eba62f1e625c473524f16a0f7c41c517a06dfb5e1d9fec29f8157f84b8",
}
var pass = "755aea6445a9251bb6ac9e08c28896c93b08868f860ea2451530c9db83588f77"
var costs = []int{
8,
10,
12,
14,
16,
18,
}
// Aim for a cost in the order of ~250ms on the current server
// Example execution on an Apple M1 Max
// single hash took 16.51353ms using 8 rounds
// single hash took 65.572939ms using 10 rounds
// single hash took 261.835407ms using 12 rounds
// single hash took 1.046684905s using 14 rounds
// single hash took 4.184984836s using 16 rounds
// single hash took 16.708390377s using 18 rounds
func main() {
for _, c := range costs {
start := time.Now()
test(c, 10)
fmt.Println(time.Since(start))
}
}
func test(cost, times int) {
hash, err := bcrypt.GenerateFromPassword([]byte(pass), cost)
if err != nil {
panic(err)
}
var count = 0
var start = time.Now()
for i := 0; i < times; i++ {
for _, g := range guesses {
if err = bcrypt.CompareHashAndPassword(hash, []byte(g)); err == nil {
panic(err)
}
count++
}
}
var dur = time.Since(start)
var single = dur / time.Duration(count)
fmt.Printf("single hash took %+v using %d rounds (%d executions)\n", single, cost, count)
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment