Predicting bcrypt time

Predicting bcrypt time

MiquelFire

Member #3,110

January 2003

I was reading up on using bcrypt and what not, and one thing I thought about is, can you predict how long it would take for it run on a certain work level?

PHP has a function called crypt, and one of the algorithms you can use is blowfish. bcrypt uses a custom version of it, but for this test, it's good enough (I hope, if someone knows of language that uses bcrypt and runs on Windows, let me know)

Anyway, I want to see if I can find a algorithm that would allow a program to predict how long it may take to run bcrypt with a given work load, assuming we time how long it takes to run a short one.

I attached a script I used to time it. Just run it and attach the log. Near the top, you'll see this line define('MAXTIME', 30.0); which can be changed to reflect how long a crypt function call can be before the script says it's done. If you want to provide more data (maybe at the expense of losing use of a core for some minutes) up that number. As is, the script uses 4 passwords, so 30*4 for how long a work load will take (well, there is the fact that on my machine, WL at 19 took 36.5 seconds to run on each crypt() call, so remember about that)

Based on this one computer, it appears to be 2 ^ wl^[1]

Latest version will always be here: https://bitbucket.org/miquelfire/random_scripts/raw/default/crypt_time.php

References

I can't figure out how to use the <math> tag

---
Febreze (and other air fresheners actually) is just below perfumes/colognes, and that's just below dead skunks in terms of smells that offend my nose.
MiquelFire.red
If anyone is of the opinion that there is no systemic racism in America, they're either blind, stupid, or racist too. ~Edgar Reynaldo

Vanneto

Member #8,643

May 2007

Here you go:

WL Pass  1   Pass  2   Pass  3   Pass  4   
== ======== ======== ======== ======== 
04 00.00011 00.00005 00.00003 00.00003 
05 00.00002 00.00002 00.00002 00.00002 
06 00.00002 00.00002 00.00002 00.00002 
07 00.00002 00.00002 00.00002 00.00002 
08 00.00002 00.00002 00.00002 00.00002 
09 00.00002 00.00002 00.00002 00.00002 
10 00.00002 00.00002 00.00002 00.00002 
11 00.00002 00.00002 00.00002 00.00002 
12 00.00002 00.00002 00.00002 00.00002 
13 00.00002 00.00002 00.00002 00.00002 
14 00.00002 00.00002 00.00002 00.00002 
15 00.00002 00.00002 00.00002 00.00002 
16 00.00002 00.00002 00.00002 00.00002 
17 00.00002 00.00002 00.00002 00.00002 
18 00.00002 00.00002 00.00002 00.00002 
19 00.00002 00.00002 00.00002 00.00002 
20 00.00002 00.00002 00.00002 00.00002 
21 00.00002 00.00002 00.00002 00.00002 
22 00.00002 00.00002 00.00002 00.00002 
23 00.00002 00.00002 00.00002 00.00002 
24 00.00002 00.00002 00.00002 00.00002 
25 00.00002 00.00002 00.00002 00.00002 
26 00.00002 00.00002 00.00002 00.00002 
27 00.00002 00.00002 00.00002 00.00002 
28 00.00002 00.00002 00.00002 00.00002 
29 00.00002 00.00002 00.00002 00.00002 
30 00.00002 00.00002 00.00002 00.00002 
31 00.00002 00.00002 00.00002 00.00002 
32 00.00002 00.00002 00.00002 00.00002 
33 00.00002 00.00002 00.00002 00.00002 
34 00.00002 00.00002 00.00002 00.00002 
35 00.00002 00.00002 00.00002 00.00002 
36 00.00002 00.00002 00.00002 00.00002 
37 00.00002 00.00002 00.00002 00.00002 
38 00.00002 00.00002 00.00002 00.00002 
39 00.00002 00.00002 00.00002 00.00002 
40 00.00002 00.00002 00.00002 00.00002 
41 00.00002 00.00002 00.00002 00.00002 
42 00.00002 00.00002 00.00002 00.00002 
43 00.00002 00.00002 00.00002 00.00002 
44 00.00002 00.00002 00.00002 00.00002 
45 00.00002 00.00002 00.00002 00.00002 
46 00.00002 00.00002 00.00002 00.00002 
47 00.00002 00.00002 00.00002 00.00002 
48 00.00002 00.00002 00.00002 00.00002 
49 00.00002 00.00002 00.00002 00.00002 
50 00.00002 00.00002 00.00002 00.00002 
51 00.00002 00.00002 00.00002 00.00002 
52 00.00002 00.00002 00.00002 00.00002 
53 00.00002 00.00002 00.00002 00.00002 
54 00.00002 00.00002 00.00002 00.00002 
55 00.00002 00.00002 00.00002 00.00002 
56 00.00002 00.00002 00.00002 00.00002 
57 00.00002 00.00002 00.00002 00.00002 
58 00.00002 00.00002 00.00002 00.00002 
59 00.00002 00.00002 00.00002 00.00002 
60 00.00003 00.00002 00.00002 00.00002 
61 00.00002 00.00002 00.00002 00.00002 
62 00.00002 00.00002 00.00002 00.00002 
63 00.00002 00.00002 00.00002 00.00002 
64 00.00002 00.00002 00.00002 00.00002 
65 00.00002 00.00002 00.00002 00.00002 
66 00.00002 00.00002 00.00002 00.00002 
67 00.00002 00.00002 00.00002 00.00002 
68 00.00002 00.00002 00.00002 00.00002 
69 00.00002 00.00002 00.00002 00.00002 
70 00.00002 00.00002 00.00002 00.00002 
71 00.00002 00.00002 00.00002 00.00002 
72 00.00002 00.00002 00.00002 00.00002 
73 00.00002 00.00002 00.00002 00.00002 
74 00.00002 00.00002 00.00002 00.00002 
75 00.00002 00.00002 00.00002 00.00002 
76 00.00002 00.00002 00.00002 00.00002 
77 00.00002 00.00002 00.00002 00.00002 
78 00.00002 00.00002 00.00002 00.00002 
79 00.00002 00.00002 00.00002 00.00002 
80 00.00002 00.00002 00.00002 00.00002 
81 00.00002 00.00016 00.00002 00.00002 
82 00.00002 00.00002 00.00002 00.00002 
83 00.00002 00.00002 00.00002 00.00002 
84 00.00002 00.00002 00.00002 00.00002 
85 00.00002 00.00002 00.00002 00.00002 
86 00.00002 00.00002 00.00002 00.00002 
87 00.00002 00.00002 00.00002 00.00002 
88 00.00002 00.00002 00.00002 00.00002 
89 00.00002 00.00002 00.00002 00.00002 
90 00.00002 00.00002 00.00002 00.00002 
91 00.00002 00.00002 00.00002 00.00002 
92 00.00002 00.00002 00.00002 00.00002 
93 00.00002 00.00002 00.00002 00.00002 
94 00.00002 00.00002 00.00002 00.00002 
95 00.00002 00.00002 00.00002 00.00002 
96 00.00002 00.00002 00.00002 00.00002 
97 00.00002 00.00002 00.00002 00.00002 
98 00.00002 00.00002 00.00002 00.00002

In capitalist America bank robs you.

MiquelFire

Member #3,110

January 2003

If your results are like Vanneto's, then you need to upgrade to PHP 5.3+

Windows users, that is a requirement. Forgot to add checks for that. (And now it's there, along with some other minor tweaks)

bamccaig

Member #7,536

July 2006

Jesus, MiquelFire. Here:^[1]

0001-modularized_write.patch#SelectExpand
  1--- crypt_time.php.orig  2011-02-28 13:30:11.563714598 -0500
  2+++ crypt_time.php  2011-02-28 13:29:33.404965201 -0500
  3@@ -1,4 +1,13 @@
  4 <?php
  5+function my_tee($str)
  6+{
  7+    $num_args = func_num_args();
  8+
  9+    for($i=1; $i<$num_args; $i++)
 10+        fwrite(func_get_arg($i), $str);
 11+
 12+    echo $str;
 13+}
 14+
 15 // sample "passwords" to crypt
 16 $pass = array('asdf', 'password', 'monkeyButt2014', 'G_QhU%&KRQRO9F8x+Z!VB+0w<^:67:*Rs8rW~w72\'IhU8g#|zl,e<cCW\'M,z%jN');
 17 $salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 22);
 18@@ -16,35 +25,27 @@
 19   die('Script should not be ran with more than 99 passwords');
 20 }
 21 $f = fopen('log.txt', 'wb');
 22-fwrite($f, 'WL ');
 23-echo 'WL ';
 24+my_tee('WL ', $f);
 25 for($i = 1; $i <= $c; $i++) {
 26-  fwrite($f, 'Pass ' . str_pad($i, 2, ' ', STR_PAD_LEFT) . '   ');
 27-  echo 'Pass ' . str_pad($i, 2, ' ', STR_PAD_LEFT) . '   ';
 28+  my_tee('Pass ' . str_pad($i, 2, ' ', STR_PAD_LEFT) . '   ', $f);
 29 }
 30-fwrite($f, "\n== ");
 31-echo "\n== ";
 32+my_tee("\n== ", $f);
 33 for($i = 1; $i <= $c; $i++) {
 34-  fwrite($f, '========= ');
 35-  echo '========= ';
 36+  my_tee('========= ', $f);
 37 }
 38 for($l = 0; $l < 99; $l++) {
 39   $s = '$2a$' . str_pad($l, 2, '0', STR_PAD_LEFT) . '$' . $salt;
 40-  fwrite($f, "\n" . str_pad($l, 2, '0', STR_PAD_LEFT) . ' ');
 41-  echo "\n" . str_pad($l, 2, '0', STR_PAD_LEFT) . ' ';
 42+  my_tee("\n" . str_pad($l, 2, '0', STR_PAD_LEFT) . ' ', $f);
 43   foreach($pass as $p) {
 44     $start = microtime(true);
 45     crypt($p, $s);
 46     $end = microtime(true);
 47     $t = $end - $start;
 48     $maxtime = max($maxtime, $t);
 49-    fwrite($f, sprintf("%08.5F ", microtime(true) - $start));
 50-    printf("%09.5F ", microtime(true) - $start);
 51-
 52+    my_tee(sprintf("%08.5F ", microtime(true) - $start), $f);
 53   }
 54   if ($maxtime > MAXTIME) break;
 55 }
 56-fwrite($f, "\n");
 57-echo "\n";
 58+my_tee("\n", $f);
 59 fclose($f);
 60 ?>

log.txt#SelectExpand
  1WL Pass  1   Pass  2   Pass  3   Pass  4   
  2== ========= ========= ========= ========= 
00.00002 00.00001 00.00001 00.00001 
00.00001 00.00001 00.00001 00.00001 
00.00001 00.00001 00.00001 00.00001 
00.00001 00.00001 00.00001 00.00001 
00.00222 00.00174 00.00179 00.00230 
00.00381 00.00352 00.00339 00.00357 
00.00670 00.00727 00.00736 00.00741 
00.01403 00.01822 00.01828 00.01437 
00.02968 00.02862 00.02900 00.02943 
00.05760 00.05714 00.06540 00.05725 
00.11366 00.11028 00.11355 00.11690 
00.21839 00.20960 00.20859 00.20847 
00.41691 00.41945 00.45185 00.46283 
00.92779 00.90506 00.89389 00.91981 
01.79063 01.67185 01.67635 01.84977 
03.53827 03.64823 03.53662 03.53267 
07.07351 07.12299 07.16767 07.03916 
14.80073 15.67679 14.97294 14.47166 
28.17006 27.45814 28.61684 28.59537 
56.76600 57.23619 56.85914 56.53677

Since I don't know what these numbers can tell you I'm just going to trust that you aren't h4xing my box with them. >:(

References

Ugh, PHP is so ugly.

--
I mean the best with what I say. It doesn't always sound that way.