cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

Password salt / hash performance on similar hardware

vertizonal
New Here ,
Jul 31, 2017 Jul 31, 2017

Copy link to clipboard

Copied

I am using the following code as a test:

<cfset PlainTextPassword = "Testing123^^%%@@!">

<cfset tickBegin = GetTickCount()>

<cfset salt = Hash(GenerateSecretKey("AES"), "SHA-512")>

<cfset hashedPassword = Hash(Trim(PlainTextPassword) & salt, "SHA-512", "utf-8", 57500)>

<cfset tickEnd = GetTickCount()>

This runs in ~50-70 milliseconds on our test servers, but takes around 5 seconds on our live production server, which has similar to better specs:

Server

OS

Processor

RAM

Applications

ColdFusion settings

Load

test

64-bit (same)

Xeon X5670 (2 cores)

4GB

ColdFusion (same), MySQL

Set to use up to 1GB RAM

~0-5 concurrent users

live

64-bit (same)

Xeon X5670 (4 cores)

6GB

ColdFusion (same)

Set to use up to 2GB RAM

~50+ concurrent users

Any idea on why the difference is so drastic?

Thanks in advance.

Views

1.4K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 5 Replies 5
latest latest Jump to latest reply
haxtbh
Advocate ,
Jul 31, 2017 Jul 31, 2017

Copy link to clipboard

Copied

What version of Coldfusion? What hot fix of that version?

Which version of JVM are you running with Coldfusion

I assume the time you say is from the getTickCount() calculation?

What happens if you change the iterations argument?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
vertizonal
New Here ,
Jul 31, 2017 Jul 31, 2017

Copy link to clipboard

Copied

In Response To haxtbh

Thanks for the reply.

The ColdFusion (w/ hotfixes) and JVM versions are the exact same on both servers.

Yes, the time is the result of the getTickCount()'s.

If I knock it down to 10k iterations, it still takes ~800 ms on the production server. We can do this as a last resort, but to me, the vast difference points to a symptom of a mis-configuration or other problem that I should address. Our production server performs very well under it's current load, though I suspect a higher load may expose some issues.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
haxtbh
Advocate ,
Aug 01, 2017 Aug 01, 2017

Copy link to clipboard

Copied

In Response To vertizonal

What are the actual version numbers of Coldfusion and JVM.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
vertizonal
New Here ,
Aug 01, 2017 Aug 01, 2017

Copy link to clipboard

Copied

In Response To haxtbh

Both servers:

CF: 10,0,22,301868

JVM: 23.7-b01 (Java 1.7.0_15)

JCE: 6.0

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
vertizonal
New Here ,
Aug 02, 2017 Aug 02, 2017

Copy link to clipboard

Copied

LATEST

Charlie Arehart was in the middle of helping me troubleshoot this, and the problem magically went away while we in the middle of looking at log files (it was a persistent problem for almost a week prior to this). It now runs a bit faster (~40-50 ms) than our test servers, which is what I expected at the start.

We hadn't made any changes to anything. I'm wracking my brain trying to figure out what could have changed - our IT department confirmed that they didn't change anything related to the VM or network.

Charlie suggested that I look into at least getting a demo of Fusion Reactor if the problem re-appears, which we will do.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices