Bug 57418 - Android - Call to Rfc2898DeriveBytes::GetBytes is crawling slow
Summary: Android - Call to Rfc2898DeriveBytes::GetBytes is crawling slow
Status: NEEDINFO
Alias: None
Product: Class Libraries
Classification: Mono
Component: System.Security (show other bugs)
Version: unspecified
Hardware: PC Windows
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2017-06-13 01:33 UTC by Sylvain Gravel
Modified: 2017-10-04 12:20 UTC (History)
2 users (show)

See Also:
Tags:
Is this bug a regression?: ---
Last known good build:


Attachments

Description Sylvain Gravel 2017-06-13 01:33:07 UTC
I'm using SimpleCrypto in a project to hash passwords.  https://github.com/shawnmclean/SimpleCrypto.net
SimpleCrypto relies on Rfc2898DeriveBytes to generate the hash.  On Android however, this method is extremely slow and apparently causes a lot of garbage collection as I get a flow of these messages in the console :

06-12 21:19:20.211 D/Mono    (27533): GC_TAR_BRIDGE bridges 0 objects 0 opaque 0 colors 0 colors-bridged 0 colors-visible 46 xref 0 cache-hit 0 cache-semihit 0 cache-miss 0 setup 0.18ms tarjan 0.06ms scc-setup 0.18ms gather-xref 0.03ms xref-setup 0.00ms cleanup 0.00ms
06-12 21:19:20.211 D/Mono    (27533): GC_BRIDGE: Complete, was running for 0.52ms
06-12 21:19:20.211 D/Mono    (27533): GC_MINOR: (Nursery full) time 3.54ms, stw 4.03ms promoted 0K major size: 2368K in use: 1670K los size: 1024K in use: 234K

You can reproduce this by running the unit tests from here : https://github.com/shawnmclean/SimpleCrypto.net/blob/master/tests/PBKDF2Tests.cs

I'm using the Compute_2_Param_Sets_Properties version to be exact but it should all be the same.
Comment 1 Sylvain Gravel 2017-06-13 01:33:39 UTC
Of course, run the unit tests on a device with the appropriate runner...
Comment 2 Marek Safar 2017-09-13 13:24:06 UTC
I cannot reproduce it using suggested test like with SimpleCrypto 0.30

using System;
using System.Globalization;
using System.Security.Cryptography;
using SimpleCrypto;

class MainClass
{
	static ICryptoService CreateICryptoService ()
	{
		ICryptoService target = new PBKDF2 ();
		return target;
	}

	public static void Main (string [] args)
	{

		var service = CreateICryptoService ();

		var sw = new System.Diagnostics.Stopwatch ();
		sw.Start ();

		for (int i = 0; i < 10000; ++i) {
			string salt = "16.randomSalt";
			string plainText = "Password";

			service.Compute (plainText, salt);
		}

		sw.Stop ();
		Console.WriteLine (sw.ElapsedMilliseconds);
	}
}


It does no indirect calls to Rfc2898DeriveBytes

Note You need to log in before you can comment on or make changes to this bug.