peachpiecompiler / peachpie

PeachPie - the PHP compiler and runtime for .NET and .NET Core
https://www.peachpie.io
Apache License 2.0

Frequent Argon2 hash computations cause long freezes #743

Closed roberthusak closed 3 years ago

roberthusak commented 4 years ago

Test case:

function run() {
  for ($i = 0; $i < 30; $i++) {
    $start_time = microtime(true);
    password_hash("peachpie", PASSWORD_ARGON2ID, ['threads' => 3, 'time_cost' => 10]);
    echo (microtime(true) - $start_time);
    echo "\n";
  }
}

run();

Excerpt from the results:

0.15915632247924805
0.03872084617614746
0.03735613822937012
0.038123369216918945
...
0.03565382957458496
13.160521030426025
20.36347007751465
7.06570029258728
5.836850881576538
...

The problem also shows up when running ScriptTests, with one of the Argon2 tests sporadically running longer than 1 minute.

It seems to be caused by the currently used library Isopoh.Cryptography.Argon2, see https://github.com/mheyman/Isopoh.Cryptography.Argon2/issues/22 and https://github.com/mheyman/Isopoh.Cryptography.Argon2/issues/25. PerfView shows long pauses for GC (probably caused by the specific behaviour of SecureArray); the manual creation of threads might contribute to the problem as well.

Preliminary tests show we can use the Konscious.Security.Cryptography library instead, but we need it to be strongly signed before that (https://github.com/kmaragon/Konscious.Security.Cryptography/issues/38) to prevent the problems on .NET Framework (https://github.com/peachpiecompiler/peachpie/issues/536).

hez2010 commented 3 years ago

Seems that the issue can be fixed via updating Isopoh.Cryptography.Argon2 to v1.1.7+. See: https://github.com/mheyman/Isopoh.Cryptography.Argon2/issues/22#issuecomment-663999974

jakubmisek commented 3 years ago

@hez2010 thanks, we'll update and see

roberthusak commented 3 years ago

@hez2010 Thanks, it works well now.
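
A regression check for the stalls reported in this thread, as an added example that is not part of the thread or of the PeachPie code base: it repeats the test case's Argon2id call, verifies every hash, and exits non-zero when any run is far slower than the median, so it can gate a dependency update in CI. The warm-up count, the 10x outlier factor and the function names are assumptions; the password, options and loop count come from the test case above, and a runtime with Argon2id support is assumed.

```php
<?php
// Added example, not PeachPie project code.
const OPTIONS = ['threads' => 3, 'time_cost' => 10]; // from the issue's test case
const ITERATIONS = 30;        // from the issue's test case
const WARMUP_RUNS = 1;        // assumption: ignore first-call initialisation cost
const OUTLIER_FACTOR = 10.0;  // assumption: a stall is a run slower than 10x the median

// Times only password_hash(); returns seconds per iteration.
function measure_argon2id(int $iterations, array $options): array
{
    $timings = [];
    for ($i = 0; $i < $iterations; $i++) {
        $start = microtime(true);
        $hash = password_hash("peachpie", PASSWORD_ARGON2ID, $options);
        $timings[] = microtime(true) - $start;
        // Outside the timed region: a fast but unverifiable hash is also a failure.
        if (!is_string($hash) || !password_verify("peachpie", $hash)) {
            throw new RuntimeException("iteration $i produced an unverifiable hash");
        }
    }
    return $timings;
}

function median(array $values): float
{
    sort($values); // works on a copy and reindexes it
    $n = count($values);
    $mid = intdiv($n, 2);
    return $n % 2 ? $values[$mid] : ($values[$mid - 1] + $values[$mid]) / 2;
}

// Returns [iteration index => seconds] for every run slower than factor * median.
function find_stalls(array $timings, int $warmup, float $factor): array
{
    $steady = array_slice($timings, $warmup, null, true); // keep original indices
    $limit = median($steady) * $factor;
    return array_filter($steady, function ($t) use ($limit) {
        return $t > $limit;
    });
}

$timings = measure_argon2id(ITERATIONS, OPTIONS);
$stalls = find_stalls($timings, WARMUP_RUNS, OUTLIER_FACTOR);
printf("median %.4fs\n", median(array_slice($timings, WARMUP_RUNS)));
foreach ($stalls as $i => $t) {
    printf("stall: iteration %d took %.3fs\n", $i, $t);
}
exit($stalls ? 1 : 0);
```

Because the limit is relative to the median, the check is independent of machine speed, but it will miss a run in which more than half of the iterations stall.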