ericelliott/credential

performance optimisation

JuliusHaring opened this issue · 4 comments

What could I do to enhance encryption performance? The hash function seems to slow down my MEAN stack server at a high level. Normal requests happen in about 20ms; creating a user and logging in (that is, using the hash function on my server) slows it down to 3 to 4 seconds!

Hi @JuliusHaring, that is, to some extent, the very idea of this package. The more time your machine spends hashing the password, the harder it is to crack.

You can tweak the time by adjusting the work parameter. For instance, setting it to 0.5 should cut the time in half. 3-4 seconds does seem like a long time.

DO NOT adjust the work parameter. You will destroy your app's security. Instead, move your login service to a separate server that is not responsible for serving non-login-related requests.

Even better, forget storing passwords for your own app, and offload authentication & password management to a dedicated, security-aware third-party service such as Auth0. See "Passwordless Authentication with Auth0".

3-4 seconds is a long time, but if your server is underpowered (it is), adjusting the work parameter is still a very bad idea, because the bad guys have REALLY FAST computers and networks of cracking computers powered by parallel-processing GPU clusters.