Horrible chat lag when checking if chat messages are passwords

Question

Horrible chat lag when checking if chat messages are passwords

Closed this issue 8 years ago · 18 comments

DaPigGuy commented 8 years ago

DO NOT REMOVE THIS

Please make sure your issue complies with these guidelines:

- Be using PMMP
- Make sure the issue hasn't already been reported
- Make sure you are on the latest version of PMMP & PiggyAuth
- Have a detailed title like "Players are being kicked randomly"
- Provide any crash dumps or errors

General

When players chat, there is horrible lag when checking if messages are the password. (Currently removed from PiggyAuth)

Server Software:

PMMP

Version of PiggyAuth:

3.0.0.10

Data Provider:

MySQL
SQLite

Steps to Reproduce the Issue

Chat a lot

Extra Information

AnUnknownPerson commented 8 years ago

Hmm ok

Answer 1 · 2017-04-28T23:28:49.000Z

Were in the code is it set to check for passwords?

Answer 2 · 2017-04-28T23:38:04.000Z

EventListener

Answer 3 · 2017-05-02T22:50:59.000Z

Show me the code were it checks please.

Answer 4 · 2017-05-03T00:27:34.000Z

EventListener Line 194

Answer 5 · 2017-05-04T04:16:32.000Z

OK let me see

Answer 6 · 2017-05-04T04:20:31.000Z

What test server are you using?
1 how are you hosting?
2 how Much ram do you have
3 how Much ram have you used?
4 what plugins are installed?

Answer 7 · 2017-05-04T07:23:18.000Z

it probably the same regardless of details like ram etc, since you are querying not via async

Answer 8 · 2017-05-05T02:26:26.000Z

That shouldn't matter, you can have a server with one player and you can notice it.

Answer 9 · 2017-05-05T22:00:37.000Z

@MCPEPIG @Aericio @Thunder33345 hmm can I see a video or a clip of it!?

Answer 10 · 2017-05-05T22:02:11.000Z

@MCPEPIG @Thunder33345 @Aericio us there any error or spam in the console?

Answer 11 · 2017-05-06T02:58:48.000Z

Me and @MCPEPIG already tested & confirmed this bug... there are no errors.

Answer 12 · 2017-05-06T05:40:02.000Z

Confirmed by 3 people on 3 different servers using PiggyAuth.

Answer 13 · 2017-05-06T18:56:30.000Z

I agree to @Thunder33345 that is has to be done via async. To compare chat message and password it has to be generated a hash, which is almost done extra slow for security reasons.
(https://github.com/MCPEPIG/PiggyAuth/blob/master/src/PiggyAuth/Main.php#L240)
But also via async there would probably be a noticeable delay before it sends the message. I'm really unsure if there is a secure solution for this issue.

Answer 14 · 2017-05-06T20:30:42.000Z

just include an option to not check it for now some owners dont really think this is a necessary feature at the price of speed, also how hereauth did it?

and other plugins who does anti share pwd things??

Answer 15 · 2017-05-06T23:04:42.000Z

I think other plugins are using weaker hash algorithms so they are more easy to brute-force.
HereAuth and SimpleAuth are using a combination of salted SHA-512 and Whirlpool hash.
PiggyAuth is using BCrypt which is designed to make it hard to brute-force.
You could try reducing the cost value in config.yml which should also reduce the amount of time to compute: https://github.com/MCPEPIG/PiggyAuth/blob/master/resources/config.yml#L166

Answer 16 · 2017-05-27T11:44:59.000Z

Is this really only related to chat messages? I'm experiencing a lag spike here when a player uses /login.

Answer 17 · 2017-05-27T21:55:52.000Z

I believe this is fixed in #76