auth0 / node-jsonwebtoken

JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html
MIT License
17.73k stars 1.23k forks source link

What happened? The performance of jsonwebtoken 9.0.2 is 50 times slower than 8.5.1 #966

Open VxRain opened 7 months ago

VxRain commented 7 months ago

Description

The performance of jsonwebtoken 9.0.2 is 50 times slower than 8.5.1, mainly in the HS256 algorithm. The encoding speed has slowed down by 53 times, and the decoding speed by 34 times.

8.5.1 benchmark results

Encoding HS256 x 120,423 ops/sec ±0.33% (91 runs sampled) RS256 x 793 ops/sec ±0.50% (94 runs sampled) ES256 x 2,418 ops/sec ±0.99% (94 runs sampled) Fastest encoder is HS256

Decoding HS256 x 87,990 ops/sec ±0.93% (95 runs sampled) RS256 x 5,921 ops/sec ±0.89% (93 runs sampled) ES256 x 4,763 ops/sec ±0.77% (94 runs sampled) Fastest decoder is HS256


9.0.2 benchmark results

Encoding HS256 x 2,264 ops/sec ±4.58% (78 runs sampled) RS256 x 759 ops/sec ±0.73% (93 runs sampled) ES256 x 2,131 ops/sec ±1.08% (91 runs sampled) Fastest encoder is HS256

Decoding HS256 x 2,568 ops/sec ±0.93% (93 runs sampled) RS256 x 5,527 ops/sec ±1.60% (87 runs sampled) ES256 x 3,871 ops/sec ±1.62% (91 runs sampled) Fastest decoder is RS256

Reproduction

https://github.com/VxRain/node-jwt-benchmark

Environment

panga commented 7 months ago

Confirmed the performance regression.

Looks like it was introduced in https://github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6 by adding a crypto.createSecretKey call to create a KeyObject instead of using the string secret or PEM file. This was done to address some security vulnerabilities.

The regression can be workaround in 9.0.2 by passing a KeyObject directly to sign/verify methods.

panva commented 1 month ago

I strongly suggest passing any key material as KeyObject instances.

This is especially beneficial for HMAC based algorithms since it avoids the library having to guess what type of key (or secret) is passed.

const secret = crypto.createSecretKey(Buffer.from('your secret'))
panva commented 1 month ago

See the difference when KeyObject is used. secret with crypto.createSecretKey, public keys with crypto.createPublicKey, private keys with crypto.createPrivateKey

Before:

Signing
HS256 x 3,945 ops/sec ±1.07% (98 runs sampled)
RS256 x 892 ops/sec ±1.86% (99 runs sampled)
ES256 x 3,286 ops/sec ±1.08% (97 runs sampled)

Verification
HS256 x 3,809 ops/sec ±0.67% (96 runs sampled)
RS256 x 9,239 ops/sec ±0.83% (97 runs sampled)
ES256 x 6,234 ops/sec ±1.62% (95 runs sampled)

After:

Signing
HS256 x 249,222 ops/sec ±0.83% (94 runs sampled)
RS256 x 1,741 ops/sec ±0.86% (100 runs sampled)
ES256 x 36,444 ops/sec ±0.90% (93 runs sampled)

Verification
HS256 x 186,174 ops/sec ±0.38% (95 runs sampled)
RS256 x 43,935 ops/sec ±0.59% (100 runs sampled)
ES256 x 16,091 ops/sec ±0.67% (99 runs sampled)
panva commented 1 month ago

@frederikprijck let's figure out how to change the docs to indicate the inputs SHOULD be KeyObject instances and that other means of passing key material are strictly for convenience.