Closed fguillen closed 8 years ago
tiegz
commented
8 years ago @fguillen this may be because the default crypto provider was changed from sha-512 to scrypt. Did you use sha-512 originally, and can you confirm that it's faster if you explicitly set it back to sha-512?
fguillen
commented
8 years ago @tiegz thanks for the suggestion, it really makes a difference:
Without explicit crypto provider:
Finished in 47.635423s, 0.9447 runs/s, 2.3302 assertions/s.With the setting in every acts_as_authentic entity of c.crypto_provider = Authlogic::CryptoProviders::Sha512:
Finished in 9.295282s, 4.8412 runs/s, 11.9415 assertions/s.I don't know if you want to close this issue or not.. for me looks like a bug that the crypto provider library change is making my code 5 times slower :/
tiegz
commented
8 years ago @fguillen I can see how it's painful, but the purpose of a strong cryptographic hashing algorithm is to be time-consuming [to make brute forcing harder]. I've preset the crypted_password in my test models to avoid this in the past, and also set a lower cost when I was using BCrypt specifically for my tests.
It looks like the newer version of the scrypt gem added a way to set the cost. Upgrading authlogic to this 2.* scrypt would be a great fix, plus a note in the README for people to lower the cost for their tests.
tiegz
commented
8 years ago @fguillen I just realized authlogic 3.4.6 allows scrypt 2.* in the gemspec. If you gem 'scrypt', '~> 2.1' in your Gemfile and bundle, you should be able to do this in your test helper:
SCrypt::Engine.calibrate!(max_time: 0.01)
:thumbsup:?
fguillen
commented
8 years ago 👍 this does the job :)
I upgraded the gem from
3.3.0to3.4.6and my tests were running 5 times slower.After a bit of analysis I figured out that the slow part was the creation of model with authlogic activated, for example:
This is a basic benchmark of a test with different versions of authlogic running: