In our web application, we use jBcrypt to hash passwords. We use 13 log_rounds for password hashing.
Usually BCrypt.checkpw() takes about 1 second. But from time to time (after a few days), it suddenly becomes slow, and from then on it takes almost 30 seconds and does not recover to normal speed. The Tomcat implementation is the only thing that helps here.
I would not be surprised if this happened from time to time, for example, if there is a high processor load or the GC is working. But this is not the case; it suddenly starts to slow down. This only affects the login process; the rest of the application is still fast. We also have no detectable memory leaks or other performance issues. It is just BCrypt.checkpw() that is slow. A dump of the stream indicates that time is consumed by BCrypt.checkpw and subsequent method calls, especially BCrypt.encipher:
Thread 8597: (state = IN_JAVA)
 - org.mindrot.jbcrypt.BCrypt.encipher(int[], int) @bci=0, line=490 (Interpreted frame)
 - org.mindrot.jbcrypt.BCrypt.key(byte[]) @bci=122, line=562 (Interpreted frame)
 - org.mindrot.jbcrypt.BCrypt.crypt_raw(byte[], byte[], int) @bci=89, line=629 (Compiled frame)
 - org.mindrot.jbcrypt.BCrypt.hashpw(java.lang.String, java.lang.String) @bci=226, line=692 (Interpreted frame)
 - org.mindrot.jbcrypt.BCrypt.checkpw(java.lang.String, java.lang.String) @bci=3, line=763 (Interpreted frame)
I found only one similar problem on SO, but several Classloaders cannot be a problem in our case: "Modified and degrading performance when using jbcrypt"
Does anyone know what is going on here?