Question about complexity setting

[MikeLauer]

Hey there! I've set up altcha (widget and server (node altcha-lib)) and it works quite well!

I'm a bit confused about the complexity. On the complexity tester it needs <0.5s for 20k. But if I set the maxNumber on the server to 20k it sometimes take >20s. Am I misunderstanding something about how the lib implements complexity?

Code for challenge creation: (I checked the variable, its value is 20k)

const challenge = await createChallenge({
        hmacKey,
        maxNumber: complexity
    });

I'd appreciate some clarification. Great project!

[ovx]

Hi, the computation time heavily depends on the computing power of the device. A laptop has a very different capability then a phone, especially when compared to low-end devices.

The complexity should be adjusted to target your typical audience - if they use low-end phones, configure low maxnumber. For common use-cases, such as a contact form submissions, there's really no benefit of setting the complexity too high, so it's better to make the overall UX smoother by configuring a low complexity.

Unless you're testing it on the same device and you're consistently getting poor performance, that could be a bug (20s for 20k is about what to expect for very low-end devices).

[MikeLauer]

Hey, thanks for the quick response.

Yes, I get that different type of devices require different amount of time for the computation. With a fixed number of 20k I measured (in an unscientific way) the following timings (ca):

Device	Firefox	Chrome/Chromium
PC (Linux)	6s	2s
Laptop A (Linux)	20s	1s
Laptop B (Windows)	11s	4s
Android Phone	13s	7s
iPad	2s	3s

For number equal 50k	Device	Firefox	Chrome/Chromium
PC (Linux)	12s	3s
Laptop A (Linux)	22s	3s
Laptop B (Windows)	22s	7s
Android Phone	30s	17s
iPad	6s	6s

For number equal 1e6	Device	Firefox	Chrome/Chromium
PC (Linux)	19s	5s
Laptop A (Linux)	22s	6s
Laptop B (Windows)	32s	10s
Android Phone	67s	42s
iPad	14s	14s

I'd say the difference between 50k and 20k is within reason.

Now, what's confusing to me is, that with the complexity tester for 50k it only needs <1s on Laptop A (Firefox) and <4s on Android Phone (Firefox). And for 1e6 it's only 13s for Laptop A (Firefox).

The complexity tester numbers are so different than what I'm experiencing on my site.

Also, Firefox seems to perform way worse than Chrome/Chromium. But I guess that's out of this scope as it's probably browser implementation related.

[ovx]

Thanks for the numbers.

I just quickly run some tests, with 1 worker Firefox is actually about 40% faster then Chrome, but it's slower by over 100% with multiple workers. Looks like there is some space for optimizing the worker code on Firefox, but for now, its expected to have about +100% in Firefox. I'll investigate this issue more.

When you're testing the number values, its also necessary to adjust maxnumber to the same value as number. The default is 1e6 and the widget uses the maxnumber to split the work for multiple workers. Configuring it properly helps to optimize work and leads to much better times.

[MikeLauer]

When you're testing the number values, its also necessary to adjust maxnumber to the same value as number. The default is 1e6 and the widget uses the maxnumber to split the work for multiple workers. Configuring it properly helps to optimize work and leads to much better times.

Ohh I see. So dynamic complexity that depends on the load would require runtime changes on the frontend (widget) and backend (lib), right?

I'll investigate this issue more.

Thanks! It's a great lib!

[ovx]

The dynamic complexity means adjusting the random number generated by the server. The maxnumber is there really just to optimize the work division between multiple workers and more aligned it is with the actual number, better efficiency.

But I plan to add maxnumber to the challenge generated by the server as an optional property and if present, the widget will use it regardless of it's maxnumber attribute to make the dynamic complexity easier and also because right now it's easy to make mistakes with these numbers.

[MikeLauer]

Okay forget all my numbers. Setting maxnumber in the widget makes a huge difference!