search

gabetax / attr_encrypted_pgcrypto

A pgcrypto-based Encryptor implementation for attr_encrypted.
MIT License
18 stars 5 forks source link

Benchmark is no accurate #1

Open peterox opened 8 years ago

peterox commented 8 years ago

Hi there,

I was curious about your benchmark figures and after some research worked out that they are not accurate.

Section 5.8 in http://web.mit.edu/jhawk/mnt/spo/postgres-8.2/src/postgresql-8.2.5/contrib/pgcrypto/README.pgcrypto states that the default algorithm used is aes-128. attr_entrypted uses aes-256 as a default.

I modified your code to specify the aes-256 algorithm and the benchmark figures changed. 

def encrypt(*args, &block)
  escape_and_execute_sql(["SELECT pgp_sym_encrypt(?, ?, 'cipher-algo=aes256')", value(args), key(args)])['pgp_sym_encrypt']
end

Note I also changed the benchmark to test decryption:

Before:

                         user     system      total        real
pgcrypto             0.720000   0.280000   1.000000 (  4.378661)
pgcrypto - decrypt   0.740000   0.270000   1.010000 (  4.422669)
openssl              8.340000   0.010000   8.350000 (  8.351276)
openssl - decrypt    8.530000   0.020000   8.550000 (  8.564866)

after

                         user     system      total        real
pgcrypto             0.740000   0.260000   1.000000 (  7.003118)
pgcrypto - decrypt   0.810000   0.280000   1.090000 (  7.171194)
openssl              8.790000   0.020000   8.810000 (  8.821168)
openssl - decrypt    8.530000   0.010000   8.540000 (  8.543087)

Using pgcrypto was still faster but not as much as when only using 128 bit encryption.

Cheers Peter

gabetax commented 8 years ago

Thanks for the update. It may be smart to make the cipher configurable going forward. It's also worth making a note that this shifts CPU load from the application servers (which are plentiful) to the database servers (which can bottleneck more easily).