Verifying hash on .NET8 (MAUI app) running on Android api 34 takes long

[rbakhshi]

Summary of what is wrong

Verify method seems to take much longer in .net 8 using Android MAUI app.

Details

We used same code on .NET5 and 6 and the time for Verify was negligible.

Since porting our project to .NET8 I noticed login process takes much longer and narrowed it down to calling Verify method taking 3 seconds!

Example code

        public bool VerifyHash(string text, string hash)
        {
            _logger.Debug("[trace1] start verify hash");
            var result = BCrypt.Net.BCrypt.Verify(text, hash);
            _logger.Debug("[trace1] end verify hash");
            return result;
        }

Calling the above function with 111111 and hashed value of $2a$12$luf9xtzcPijRzyMnb1PxsuqFUsBba0ve.R.5k00XOsGf2awcHwj8a takes 3 seconds. This is what I got from logs:

02-23 16:00:27.418  6995  7017 I app: [T:4][trace1] SignIn
02-23 16:00:27.419  6995  7017 I app: [T:4][trace1] SignIn - fetch user
02-23 16:00:27.421  6995  7017 I app: [T:4][trace1] start of ValidateCrewByPin
02-23 16:00:27.437  6995  7017 I app: [T:4][trace1] ValidateCrewByPin got user
02-23 16:00:27.439  6995  7017 I app: [T:4][trace1] start verify hash
02-23 16:00:30.424  6995  7017 I app: [T:4][trace1] end verify hash
02-23 16:00:30.424  6995  7017 I app: [T:4][trace1] ValidateCrewByPin got result
02-23 16:00:30.425  6995  7017 I app: [T:4][trace1] SignIn - fetch user done

[ChrisMcKee]

Is it as slow at the hash function? The verify call is just a hash call with the existing salt and a time safe comparison of the resulting string

[rbakhshi]

Correct, I traced it and the loop where it calls 'Key' functions seems to be the slow part. Which makes some sense as it runs for the number of rounds but 3 second was a big jump from previous versions of .net

[ChrisMcKee]

Are the times from running it in Windows or on a phone? Not really looked at maui with the usual msft-ui lasting 12 months before being killed off 😆

[ChrisMcKee]

Average release build speed using the nuget package is 400ms for me

[rbakhshi]

Thanks @ChrisMcKee for checking this on your side. Let me go back and dig a bit deeper to see what could be causing this. probably come up with the simplest possible scenario.

Will get back to you. Thanks again

[rbakhshi]

All right, a couple of updates:

1. Correct, Release build on Android works perfectly *200-400ms".
2. I tried same app on iOS and normal release works fine but if I only AOT the bcrypt library then the app will crash as soon as we click the button (in above example) or basically as soon as we access BCrypt classes or methods.

I will raise the second point to Xamarin/macios project. Thanks for looking at it. I guess this now close

[ChrisMcKee]

Cool. Not looked at how it plays in aot; I've found dotnets idea of AOT a bit hit and miss. Thanks for the update. 👍

[durandt]

@rbakhshi Your issues regarding discrepancies between Debug and Release builds for iOS could be linked to this issue: https://github.com/dotnet/maui/issues/13019

[rbakhshi]

hey @durandt that is what are doing right now but that means verify method on bcrypt algorithm takes 2-4 seconds to run!

I am actually looking to run it in release mode to gain the optimum performance. I have raised a related issue here if you are interested: https://github.com/dotnet/runtime/issues/99248