[erlang-questions] bcrypt message queues

Technion technion@REDACTED
Wed Jun 1 00:18:40 CEST 2016

Is there any particularly great documentation on how to ensure a NIF doesn't fall into these traps?
I'm going to have a need for Argon2 at some point; at the moment making such a NIF looks well over my head.

From: erlang-questions-bounces@REDACTED <erlang-questions-bounces@REDACTED> on behalf of Stanislaw Klekot <erlang.org@REDACTED>
Sent: Tuesday, 31 May 2016 7:31:25 PM
To: Sverker Eriksson
Cc: erlang-questions@REDACTED
Subject: Re: [erlang-questions] bcrypt message queues

On Tue, May 31, 2016 at 10:56:05AM +0200, Sverker Eriksson wrote:
> How heavy duty is this bcrypt?
> Does it take milliseconds to hash one little password?

Password hashes are *designed* to take a long time to compute (e.g.
a semi-traditional MD5-based crypt() is MD5 hash applied 1000 times,
each time to the result of the previous computation). This is to make
precomputation attacks so much more costly.

That said, https://github.com/chef/erlang-bcrypt has its
internals sub-par, as it runs two processes (one for NIF and one for
port driver; why port driver? there's no state to maintain between
calls as far as I'm aware), and NIF is always called in one. This makes
a great example of an unnecessary bottleneck.

Stanislaw Klekot
erlang-questions mailing list
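
The single-process bottleneck described in the quoted message can be measured with a stand-in hash. This is an added example, not code from the thread or from erlang-bcrypt; the module `hash_bottleneck`, its function names, and the iterated SHA-256 used in place of bcrypt are assumptions made for illustration.

```erlang
-module(hash_bottleneck).
-export([run/0, run/2]).

%% Stand-in for a slow password hash: SHA-256 applied Rounds times, each
%% time to the previous result. Illustrative only; this is not bcrypt and
%% must not be used to store real passwords.
slow_hash(Data, 0) -> Data;
slow_hash(Data, N) -> slow_hash(crypto:hash(sha256, Data), N - 1).

%% One server process does all hashing, so every request queues in its
%% mailbox behind the ones that arrived earlier.
server_loop(Rounds) ->
    receive
        {hash, From, Ref, Password} ->
            From ! {Ref, slow_hash(Password, Rounds)},
            server_loop(Rounds)
    end.

via_server(Server, Password) ->
    Ref = make_ref(),
    Server ! {hash, self(), Ref, Password},
    receive {Ref, Hash} -> Hash end.

%% Spawn N concurrent callers, wait for all of them, and return the
%% elapsed wall-clock time in milliseconds.
timed(N, Fun) ->
    Parent = self(),
    Start = erlang:monotonic_time(millisecond),
    Pids = [spawn_link(fun() -> Fun(), Parent ! {done, self()} end)
            || _ <- lists:seq(1, N)],
    [receive {done, Pid} -> ok end || Pid <- Pids],
    erlang:monotonic_time(millisecond) - Start.

run() -> run(16, 200000).

%% Compare funnelling all callers through one process with hashing in
%% each caller's own process (possible because no state is shared).
run(Callers, Rounds) ->
    Server = spawn_link(fun() -> server_loop(Rounds) end),
    Serial = timed(Callers, fun() -> via_server(Server, <<"pw">>) end),
    Direct = timed(Callers, fun() -> slow_hash(<<"pw">>, Rounds) end),
    unlink(Server),
    exit(Server, kill),
    #{one_process_ms => Serial, per_caller_ms => Direct}.
```

Calling `hash_bottleneck:run().` in an Erlang shell returns both timings; with one hashing process the total grows with every extra caller, while the per-caller variant can use all scheduler threads.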
