search

citizenfx / fivem

The source code for the Cfx.re modification frameworks, such as FiveM, RedM and LibertyM, as well as FXServer.
https://cfx.re/
3.58k stars 2.12k forks source link

GET_PASSWORD_HASH / VERIFY_PASSWORD_HASH slow down the server thread #2660

Open Korioz opened 4 months ago

Korioz commented 4 months ago

What happened?

Password hash natives uses bcrypt under the hood, bcrypt is designed to be slow the issue is not that it is slow, the issue is that calling password hashing natives will make the server thread hitch during the operations.

Maybe providing async alternatives natives and executing bcrypt operations in another thread would be a viable solution.

Expected result

No server thread hitch.

Reproduction steps

  1. Execute a server-side script containing this :

    RegisterCommand('testpass', function()
local pass = 'MyVeryStrongPassword123'

local timeNow = GetGameTimer()
local passHash = GetPasswordHash(pass)
VerifyPasswordHash(pass, passHash)
print(('%u ms elapsed during password operations'):format(GetGameTimer() - timeNow))
end, false)
  2. Type testpass in Console and see the output.

Importancy

Slight inconvenience

Area(s)

FXServer, Natives

Specific version(s)

Tested on Server 8867 and olders (this issue has been here for years)

Additional information

No response

Zjarany-Ksiezyc commented 4 months ago

just use 

local function getPasswordHash(pass)
    return joaat(pass)
end

local function verifyPasswordHash(pass, hash)
    return getPasswordHash(pass) == hash
end
CrunchyBadger commented 3 months ago

@Korioz This is a hack workaround till its fixed if you need it. https://github.com/CrunchyBadger/fivem-bcrypt-async

(Will probably break with different fx server versions, ik it doesn't work on 8981)

Working on latest.

Works same as natives but you need to use exports.