Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/bcrypt: add cooperative scheduling and cancellation to bcrypt #236

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

x/crypto/bcrypt: add cooperative scheduling and cancellation to bcrypt #236

wants to merge 1 commit into from

Conversation

hf
Copy link

@hf hf commented Oct 25, 2022
edited
Loading

Password hashing functions like bcrypt are very CPU intensive and long running. On my Apple m1 chip, it takes about 75,455 microseconds for one password hash to be generated with the current DefaultCost of 10. Furthermore, the current algorithm is not cooperative with the rest of the Goroutines in the system, which can relatively easily create latency issues on other less CPU intensive Goroutines. This is in-particular a major issue in web servers implementing sign-in / sign-up with password.

This PR adds CompareHashAndPasswordWithContext and GenerateHashWithContext functions that call into runtime.Gosched() every 64 bcrypt rounds (i.e. about every 4.7 ms on m1). These also allow obeying a cancellation signal from the context. The existing functions are intentionally not cooperative.

(I'm open to tweaking the number of rounds.)

Fixes #56416

@gopherbot
Copy link
Contributor

This PR (HEAD: 1c7e1d0) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/crypto/+/444957 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

@gopherbot
Copy link
Contributor

Message from Gopher Robot:

Patch Set 1:

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
A maintainer will review your change and provide feedback. See
https://go.dev/doc/contribute#review for more info and tips to get your
patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

During May-July and Nov-Jan the Go project is in a code freeze, during which
little code gets reviewed or merged. If a reviewer responds with a comment like
R=go1.11 or adds a tag like "wait-release", it means that this CL will be
reviewed as part of the next development cycle. See https://go.dev/s/release
for more details.

Please don’t reply on this GitHub thread. Visit golang.org/cl/444957.
After addressing review feedback, remember to publish your drafts!

@hf hf force-pushed the hf/add-bcrypt-cooperative branch from 1c7e1d0 to 212fc8a Compare October 25, 2022 11:30
@gopherbot
Copy link
Contributor

This PR (HEAD: 212fc8a) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/crypto/+/444957 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

@gopherbot
Copy link
Contributor

Message from Roland Shoemaker:

Patch Set 4: Hold+1

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/444957.
After addressing review feedback, remember to publish your drafts!

@hf hf mentioned this pull request Oct 25, 2022
Open
@gopherbot
Copy link
Contributor

Message from Stojan Dimitrovski:

Patch Set 5:

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/444957.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Gopher Robot:

Patch Set 1:

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
A maintainer will review your change and provide feedback. See
https://go.dev/doc/contribute#review for more info and tips to get your
patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

During May-July and Nov-Jan the Go project is in a code freeze, during which
little code gets reviewed or merged. If a reviewer responds with a comment like
R=go1.11 or adds a tag like "wait-release", it means that this CL will be
reviewed as part of the next development cycle. See https://go.dev/s/release
for more details.

Please don’t reply on this GitHub thread. Visit golang.org/cl/444957.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Roland Shoemaker:

Patch Set 4: Hold+1

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/444957.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Stojan Dimitrovski:

Patch Set 5:

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/444957.
After addressing review feedback, remember to publish your drafts!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hf @gopherbot