SEC-2521: Improve StandardPasswordEncoder Performance #2736

Closed
spring-projects-issues opened this issue Mar 12, 2014 · 2 comments
Labels
in: crypto type: enhancement type: jira
@spring-projects-issues spring-projects-issues commented Mar 12, 2014

pascal gehl (Migrated from SEC-2521) said:

My web application uses a StandardPasswordEncoder to match passwords in Basic Authentication.
Under heavy load (700 HTTP requests per second) org.springframework.security.crypto.password.Digester becomes a major source of contention in:

    public byte[] digest(byte[] value) {
        synchronized (messageDigest) {
            // ... omitted for clarity
        }
    }

At 700 HTTP requests per second this synchronized block has an average contention of 247 milliseconds with maximums of 1.18 seconds.

At 500 HTTP requests per second this synchronized block has an average contention of 28 milliseconds with maximums of 291 milliseconds.

I wonder if there is a non-synchronized alternative to StandardPasswordEncoder?

@spring-projects-issues spring-projects-issues commented Oct 27, 2015

Rob Winch said:

Thanks for the report. We can improve the performance by creating a new Digest instead of using synchronized.
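
One way to apply the approach in the comment above, as an added example that is not Spring Security's code or the fix that was eventually committed: each call obtains its own `MessageDigest`, so no lock is needed, and the `main` method checks that concurrent callers get the same result as a single-threaded call. The class name `PerCallDigester`, the algorithm, the iteration count and the sample input are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*;
import java.util.concurrent.*;

// Hypothetical class for illustration; not the project's Digester.
public class PerCallDigester {
    private final String algorithm;
    private final int iterations;

    public PerCallDigester(String algorithm, int iterations) {
        this.algorithm = algorithm;
        this.iterations = iterations;
        newDigest(); // fail fast at construction if the algorithm is unavailable
    }

    // MessageDigest is stateful and not thread-safe, so it is never shared.
    private MessageDigest newDigest() {
        try {
            return MessageDigest.getInstance(algorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No such hashing algorithm: " + algorithm, e);
        }
    }

    public byte[] digest(byte[] value) {
        MessageDigest md = newDigest(); // confined to this call, no synchronized block
        for (int i = 0; i < iterations; i++) {
            value = md.digest(value); // digest() resets the instance for the next round
        }
        return value;
    }

    public static void main(String[] args) throws Exception {
        PerCallDigester digester = new PerCallDigester("SHA-256", 1024); // assumed values
        byte[] input = "constructed-sample-input".getBytes(StandardCharsets.UTF_8);
        byte[] expected = digester.digest(input);
        Callable<byte[]> task = () -> digester.digest(input);
        ExecutorService pool = Executors.newFixedThreadPool(8);
        List<Future<byte[]>> results = new ArrayList<>();
        for (int i = 0; i < 1000; i++) results.add(pool.submit(task));
        for (Future<byte[]> f : results) {
            if (!Arrays.equals(expected, f.get())) throw new AssertionError("digest mismatch");
        }
        pool.shutdown();
        System.out.println("1000 concurrent digests matched the single-threaded result");
    }
}
```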

@spring-projects-issues spring-projects-issues commented Oct 27, 2015

pascal gehl said:

We ended up creating a PooledPasswordEncoder using commons-pool2 with the size of the pool roughly equal to the number of threads in the web container.
