Horrible chat lag when checking if chat messages are passwords

[DaPigGuy]

DO NOT REMOVE THIS

Please make sure your issue complies with these guidelines:

• • [x] Be using PMMP
• • [x] Make sure the issue hasn't already been reported
• • [x] Make sure you are on the latest version of PMMP & PiggyAuth
• • [x] Have a detailed title like "Players are being kicked randomly"
• • [x] Provide any crash dumps or errors

General

When players chat, there is horrible lag when checking if messages are the password. (Currently removed from PiggyAuth) #### **Server Software:** PMMP #### **Version of PiggyAuth:** 3.0.0.10 #### **Data Provider:**

• [x] MySQL
• [ ] SQLite

Steps to Reproduce the Issue

1. Chat a lot

Extra Information

[AnUnknownPerson]

Were in the code is it set to check for passwords?

[DaPigGuy]

EventListener

[AnUnknownPerson]

Show me the code were it checks please.

[DaPigGuy]

EventListener Line 194

[AnUnknownPerson]

OK let me see

[AnUnknownPerson]

What test server are you using? 1 how are you hosting? 2 how Much ram do you have 3 how Much ram have you used? 4 what plugins are installed?

[Thunder33345]

it probably the same regardless of details like ram etc, since you are querying not via async

[Aericio]

That shouldn't matter, you can have a server with one player and you can notice it.

[AnUnknownPerson]

@MCPEPIG @Aericio @Thunder33345 hmm can I see a video or a clip of it!?

[AnUnknownPerson]

@MCPEPIG @Thunder33345 @Aericio us there any error or spam in the console?

[Aericio]

Me and @MCPEPIG already tested & confirmed this bug... there are no errors.

[DaPigGuy]

Confirmed by 3 people on 3 different servers using PiggyAuth.

[AnUnknownPerson]

Hmm ok

[SleepSpace9]

I agree to @Thunder33345 that is has to be done via async. To compare chat message and password it has to be generated a hash, which is almost done extra slow for security reasons. (https://github.com/MCPEPIG/PiggyAuth/blob/master/src/PiggyAuth/Main.php#L240) But also via async there would probably be a noticeable delay before it sends the message. I'm really unsure if there is a secure solution for this issue.

[Thunder33345]

just include an option to not check it for now some owners dont really think this is a necessary feature at the price of speed, also how hereauth did it?

and other plugins who does anti share pwd things??

[SleepSpace9]

I think other plugins are using weaker hash algorithms so they are more easy to brute-force. HereAuth and SimpleAuth are using a combination of salted SHA-512 and Whirlpool hash. PiggyAuth is using BCrypt which is designed to make it hard to brute-force. You could try reducing the cost value in config.yml which should also reduce the amount of time to compute: https://github.com/MCPEPIG/PiggyAuth/blob/master/resources/config.yml#L166

[SalmonDE]

Is this really only related to chat messages? I'm experiencing a lag spike here when a player uses /login.

[SalmonDE]

I believe this is fixed in #76