The following passage can be found under the docs for Crypto::Bcrypt:
This implementation of Bcrypt is currently 50% slower than pure C solutions, so keep this in mind when selecting your cost. It may be wise to test with Ruby's bcrypt gem which is a binding to OpenBSD's implementation.
However, when testing, I could not reproduce this.
I think it is outdated and should be updated.
I compared the performance between crystal (stdlib) and bcrypt-ruby.
These are the performance metrics from my system:
As you can see in the table, crystal is a fair bit slower than ruby, but definitely not near 50% (if my tests aren't flawed, on my system).
I think in most cases the statement in the docs is misleading, and I have already seen people on the crystal-lang discord search for openbsd-based bcrypt libraries because of it.
Bug Report
The following passage can be found under the docs for
Crypto::Bcrypt
:However, when testing, I could not reproduce this. I think it is outdated and should be updated.
I compared the performance between crystal (stdlib) and bcrypt-ruby. These are the performance metrics from my system:
Ruby code and results
```rb require "benchmark/ips" require "bcrypt" input = "my strong password" Benchmark.ips do |x| x.report("create hash (cost 6)") { BCrypt::Password.create(input, cost: 6) } end Benchmark.ips do |x| x.report("create hash (cost 12)") { BCrypt::Password.create(input, cost: 12) } end hash = BCrypt::Password.create(input, cost: 6) Benchmark.ips do |x| x.report("verify hash (cost 6)") { hash == input } end hash = BCrypt::Password.create(input, cost: 12) Benchmark.ips do |x| x.report("verify hash (cost 12)") { hash == input } end ``` ``` Warming up -------------------------------------- create hash (cost 6) 34.000 i/100ms Calculating ------------------------------------- create hash (cost 6) 337.954 (± 0.3%) i/s - 1.700k in 5.030329s Warming up -------------------------------------- create hash (cost 12) 1.000 i/100ms Calculating ------------------------------------- create hash (cost 12) 5.535 (± 0.0%) i/s - 28.000 in 5.058732s Warming up -------------------------------------- verify hash (cost 6) 34.000 i/100ms Calculating ------------------------------------- verify hash (cost 6) 342.480 (± 0.0%) i/s - 1.734k in 5.063066s Warming up -------------------------------------- verify hash (cost 12) 1.000 i/100ms Calculating ------------------------------------- verify hash (cost 12) 5.550 (± 0.0%) i/s - 28.000 in 5.045026s ```Crystal code and results
```cr require "crypto/bcrypt/password" require "benchmark" input = "my strong password" Benchmark.ips do |x| x.report("create hash (cost 6)") { Crypto::Bcrypt::Password.create(input, cost: 6) } end Benchmark.ips do |x| x.report("create hash (cost 12)") { Crypto::Bcrypt::Password.create(input, cost: 12) } end hash = Crypto::Bcrypt::Password.create(input, cost: 6) Benchmark.ips do |x| x.report("verify hash (cost 6)") { hash.verify(input) } end hash = Crypto::Bcrypt::Password.create(input, cost: 12) Benchmark.ips do |x| x.report("verify hash (cost 12)") { hash.verify(input) } end ``` ``` --- Using --mcpu=native --- create hash (cost 6) 344.56 ( 2.90ms) (± 0.26%) 5.46kB/op fastest create hash (cost 12) 5.40 (185.03ms) (± 0.25%) 5.1kB/op fastest verify hash (cost 6) 342.03 ( 2.92ms) (± 0.09%) 4.48kB/op fastest verify hash (cost 12) 5.41 (184.73ms) (± 0.13%) 4.4kB/op fastest --- Default --- create hash (cost 6) 322.62 ( 3.10ms) (± 0.05%) 5.46kB/op fastest create hash (cost 12) 5.11 (195.79ms) (± 0.06%) 5.53kB/op fastest verify hash (cost 6) 320.26 ( 3.12ms) (± 0.13%) 4.48kB/op fastest verify hash (cost 12) 5.06 (197.48ms) (± 0.08%) 4.4kB/op fastest ```As you can see in the table, crystal is a fair bit slower than ruby, but definitely not near 50% (if my tests aren't flawed, on my system).
I think in most cases the statement in the docs is misleading, and I have already seen people on the crystal-lang discord search for openbsd-based bcrypt libraries because of it.