Constantly running out of CPU time

I’m using this script here:

Works wonderfull to verify a hash, however - only on the first 5 requests, then the “script exceeded time limit” appears.

I was under the impression that CPU limit was per-request, but it appears that’s not the case at all…

If this is the case, then it’s entirely unusable because it won’t scale to more than 5/requests/second.

UPDATE: This no longer occurs and i can bench 22/req/second without issue. Did anything change?

UPDATE2: It’s when i run the hasher function two times that this starts to happen, but it doesn’t happen if i use the class once but with a very large key, which doesn’t make sense? Bug maybe?

Hi @thomas4,

The main consumer of CPU time in the script you linked to is the PBKDF2 derivation, which appears to be called in every invocation of verify(). The HMAC sign function itself shouldn’t take much time. Can you reduce the number of PBKDF2 iterations your script must perform? Or, if you must call verify() twice using the same password, perhaps the PBKDF2 derivation could be cached?

The CPU time limit is indeed enforced per request, but some initial requests may go over the limit due to a heuristic we implemented intended to smooth out scripts which have highly variant run times. The 5-requests-then-exceeded-time-limit that you’re seeing is an artifact of this heuristic.


Hello Harris,

I’ll take another stab at it tomorrow.

Password hashing/encryption is new to me, what is considered “enough” to be safe?

Though, I’m not sure if it even matters if I store passwords encrypted or not since you encrypt KV storage at rest anyway?

Doing one encrypt/decrypt works fine even with that amount of iterations, but doing doubleseems to spring the limit.

Here’s a nice table from Cryptosense:

In general I would say anything above 10k-20k iterations is good.

We do encrypt KV storage at rest and over the wire using 256 bit AES-GCM. I would still recommend hashing passwords, but I would consider even SHA256 with salts sufficient, any amount of PBKDF2 is as safe as I could imagine needing.

Can you expand on this? I’m not sure I follow, and I have scripts with highly variant CPU time.

Thanks for that, makes it much clearer! And yeah, hashing makes sense in any case.

I see GPU’s have gotten ~3x faster on password cracking since 2015, but there’s still a big margin.