I have a server with 2 intel xeons on it, this gives me quite a lot of cores. And on that server i have an app, that uses php to hash passwords in blowfish. But the issue is php is not using all the cores it could, so the hashing becomes slow as hell. How could i make multicore usage possible for php hashing?
Asked
Active
Viewed 224 times
-2
-
1bcrypt is not encryption (passwords should *never* be encrypted), it's hashing. It's designed to be slow. You can change the work factor (and should use PHP's built-in `password_hash` function to do it) but it will never use more than one core for an individual hashing attempt. – ceejayoz Aug 03 '16 at 17:40
-
Ok, so could it be done like this: user a starts hashing a password, it is executed on core 1 | user b starts hashing a password, it is executed on core2? – Jojo01 Aug 03 '16 at 17:42
-
It works automatically that way (be sure to keep session files in memcache, though)... – Anubioz Aug 03 '16 at 17:43
-
@Jojo01 Yes, PHP (assuming you're not doing something dumb like running the built-in development-only server) either via something like FPM or Apache's mod_php will be run on multiple cores via worker processes. See http://stackoverflow.com/questions/2267345/how-do-you-make-good-use-of-multicore-cpus-in-your-php-mysql-applications for details. – ceejayoz Aug 03 '16 at 17:44
-
If your password hashing is noticeably slow (more than a few tenths of a second) you should consider reducing the work factor. – ceejayoz Aug 03 '16 at 17:45
1 Answers
1
Password hashing is using all availible cores by default, if it seems too slow there are two ways of improving it:
- First is reducing bcrypt work factor
- Second is installing haveged daemon to regenerate entropy pool
Anubioz
- 3,597
- 17
- 23
-
Currently my work factor is 18, and it takes about 5 seconds for a 8 letter password. The recommended work factor, if i remeber correctly was 8, but i read that a collision attack was possible against a work factor of 4, so i went paranoiac... – Jojo01 Aug 03 '16 at 18:00
-
@Jojo01 Well, there's your problem. 18 is an absurdly high work factor. – ceejayoz Aug 03 '16 at 18:07
-
1