Ok, so I've looked at your example a bit. I think you're right in that the SECOND one will always be slower. However, I believe that the second one is substantially slower not because of the algorithm but because it is running second. I am guessing, perhaps you can verify, that the second one has to wait longer for the RNG pool to get good values.
The reason I say this is that when I run them independently (run the individual tests in different tabs) and switch around in random order, the one that goes faster/slower will vary. I believe having to wait on the RNG is also the reason that between test runs it can have a surprisingly large variance. When I look at the resources used, both of them spend the vast majority of their time in the RSA.generate function which is independent of a passphrase being set. An initial test of this might be to simply switch the order in which the tests are run. To test the RNG aspect you might want to try overloading the securerandom function (just dont leave that in your code :P a la OpenSSL bug from a few years ago...). Thoughts? Sean On Thu, Mar 22, 2012 at 3:06 AM, Tankred Hase <[email protected]> wrote: > Hi Sean, > > ok, now I'll prove to you that key generation with a passphrase is slower > :) > > 1. Open the unit tests in Chrome: > > https://safewith-me.appspot.com/test/?filter=Asymmetric%20Crypto%3A%20Generate%20keys > 2. Open the console for logging output > 3. Run the two unit tests for about 10 time.s... the second one will > always be slower > > Here's the code of the unit tests (just to stress that the code only > differs with addition of the passphrase): > > // without passphrase > var start = (new Date).getTime(); > var keySize = 2048; > var keys = crypto.generateKeys(keySize, "[email protected]"); > var diff = (new Date).getTime() - start; > > // with passphrase > var email = "[email protected]"; > var passphrase = 'yxcv'; > > var start = (new Date).getTime(); > var keySize = 2048; > var keys = crypto.generateKeys(keySize, email, passphrase); > var diff = (new Date).getTime() - start; > > // crypto generateKeys function > this.generateKeys = function(numBits, email, pass) { > var userId = 'SafeWith.me User <' + email + '>'; > var keys = openpgp.generate_key_pair(1, numBits, userId, pass); // keytype > 1=RSA > > // store keys in html5 local storage > openpgp.keyring.importPrivateKey(keys.privateKeyArmored, pass); > openpgp.keyring.importPublicKey(keys.publicKeyArmored); > openpgp.keyring.store(); > > return keys; > }; > > Am 20. März 2012 13:24 schrieb Tankred Hase <[email protected]>: > > Hey, >> >> well 'openpgp.config.debug = false' if thats what you meant. I dont have >> any statistics to support this, but key generation without a passphrase >> seems to be almost always alot quicker than with, when executing the unit >> tests. >> >> Its the same code for both unit tests. But maybe Ill do a little >> benchmark to confirm my purely subjective analysis :) >> >> Tankred >> Am 20.03.2012 01:19 schrieb "Sean Colyer" <[email protected]>: >> >>> No it shouldn't take that long. In my extension, it only takes a few >>> seconds to generate with/without a key. If I were to guess, I'd say you >>> have debugging turned on, try turning it off and seeing how it goes. >>> >>> Sean >>> >>> On Mon, Mar 19, 2012 at 1:54 AM, Tankred Hase <[email protected]>wrote: >>> >>>> Hi Sean, >>>> >>>> it seems as though the key generation is almost always much slower when >>>> a passphrase is used: >>>> >>>> Time taken for key generation [ms]: 2336 (2048 bit RSA keypair, >>>> passphrase "undefined") >>>> crypto_test.js:36 <http://localhost:8888/test/crypto_test.js>Time >>>> taken for key generation [ms]: 34276 (2048 bit RSA keypair, passphrase >>>> "yxcv") >>>> >>>> Is this normal? >>>> >>>> Tankred >>>> >>>> Am 7. März 2012 12:40 schrieb Tankred Hase <[email protected]>: >>>> >>>> Hi Sean. I ran the unit test about 20 times with the fix. This time the >>>>> key IDs of each generated keypair always matched. Thanks! >>>>> >>>>> Tankred >>>>> >>>>> Am 7. März 2012 11:39 schrieb Sean Colyer <[email protected]>: >>>>> >>>>>> Good catch, Tankred. There was an issue where the time was not being >>>>>> passed between the key generation properly which was resulting in >>>>>> sometimes >>>>>> the ID's being the same and sometimes not. I have pushed a fix. Let me >>>>>> know if it works for you. >>>>>> >>>>>> Sean >>>>>> >>>>>> On Mon, Mar 5, 2012 at 8:05 PM, Tankred Hase <[email protected]>wrote: >>>>>> >>>>>>> So, I've tested this a bit more. Sometimes the public and private >>>>>>> key IDs match when the passphrase is set and sometimes they dont match. >>>>>>> Perhaps a bug? >>>>>>> >>>>>>> Tankred >>>>>>> >>>>>>> Am 6. März 2012 11:42 schrieb Tankred Hase <[email protected]>: >>>>>>> >>>>>>> So I've got a question regarding key generation in general. Is the >>>>>>>> key ID for the public and private key supposed to be the same for each >>>>>>>> keypair? Because they were (maybe by coincident) before the patch, and >>>>>>>> now >>>>>>>> they are sometimes different. >>>>>>>> >>>>>>>> Tankred >>>>>>>> >>>>>>>> Am 6. März 2012 11:05 schrieb Tankred Hase <[email protected]>: >>>>>>>> >>>>>>>> Hi Sean, >>>>>>>>> >>>>>>>>> I've integrated your improvements and updated the crypto unit >>>>>>>>> tests. It seems as though it's working quite well with passphrases... >>>>>>>>> both >>>>>>>>> key generation and decryption unit tests are working. Also there >>>>>>>>> seems to >>>>>>>>> be no decrease in performance. Great work, thank you :) >>>>>>>>> >>>>>>>>> Time taken for key generation [ms]: 8795 (2048 bit RSA keypair, >>>>>>>>> passphrase "asdf") >>>>>>>>> crypto_test.js:91 <http://localhost:8888/app/test/crypto_test.js>blob >>>>>>>>> size [bytes]: 2589258 >>>>>>>>> crypto_test.js:97 <http://localhost:8888/app/test/crypto_test.js>Time >>>>>>>>> taken for encryption [ms]: 1659 >>>>>>>>> crypto_test.js:99 <http://localhost:8888/app/test/crypto_test.js>blob >>>>>>>>> cipher size [bytes]: 3511050 >>>>>>>>> crypto_test.js:105<http://localhost:8888/app/test/crypto_test.js>Time >>>>>>>>> taken for decryption [ms]: 1762 >>>>>>>>> >>>>>>>>> crypto_test.js:109<http://localhost:8888/app/test/crypto_test.js>decrypted >>>>>>>>> blob size [bytes]: 2589258 >>>>>>>>> >>>>>>>>> Tankred >>>>>>>>> >>>>>>>>> >>>>>>>>> Am 3. März 2012 11:33 schrieb Nils Kenneweg < >>>>>>>>> [email protected]>: >>>>>>>>> >>>>>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>>>>>> Hash: SHA1 >>>>>>>>>> >>>>>>>>>> Am 02.03.2012 16:35, schrieb Sean Colyer: >>>>>>>>>> > I committed some code that includes better support for key >>>>>>>>>> > Generation. One of the big things that was added is the >>>>>>>>>> addition of >>>>>>>>>> > the passphrase argument. If no passphrase is provided, the key >>>>>>>>>> > generation does the same as before. >>>>>>>>>> > >>>>>>>>>> > This is implemented using s2k type 254, salt+iter, which is the >>>>>>>>>> > recommended option in OpenPGP standard. >>>>>>>>>> > >>>>>>>>>> > Also, all key generation in my testing has been updated to be >>>>>>>>>> > fully compatible with GPG, which is important as well. >>>>>>>>>> > >>>>>>>>>> > Tankred -- I know you've been using key generation a bit, can >>>>>>>>>> you >>>>>>>>>> > test this change out in your implementation? >>>>>>>>>> > >>>>>>>>>> > All others welcome to test as well. >>>>>>>>>> >>>>>>>>>> Awesome, I can finally start my first proof of concept for my >>>>>>>>>> project. >>>>>>>>>> Thanks a lot!! >>>>>>>>>> >>>>>>>>>> Greets, >>>>>>>>>> Nils >>>>>>>>>> -----BEGIN PGP SIGNATURE----- >>>>>>>>>> Version: GnuPG v2.0.17 (MingW32) >>>>>>>>>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ >>>>>>>>>> >>>>>>>>>> iQEcBAEBAgAGBQJPUWbdAAoJECvXQ9f0b0HoLO4H+wQPV+efqOQSocbOV3iHQNBk >>>>>>>>>> u3MX0cCU9UdI/sut7oU/Glet5Z1gcBpji1FL+iTpdraCcSJKUw1pQKF9T81vrakC >>>>>>>>>> 1cuoFiTyykSH04uICfjcVEEmMl8dJv692gRjJjk7f0MVohBDEwSFD7gAKsDZ+q4k >>>>>>>>>> ut6Kq8ajE0is1as9IUWxFSnTThI9oRL3nB99iFfy6HFUnmrs5BHZgouleqcNT2zq >>>>>>>>>> XBoQfCfrwvXZlKKdFw3F0g/Uf3WTLfndJ04ZrkWamov3XDnlOdxzJkcJGXJPRLDT >>>>>>>>>> 0uG+APcijoy+zR1Q8H0jETO0WXbzT1THixYlppXf9XxEQVEmVoIwpz5R31Q8Mbg= >>>>>>>>>> =BiHX >>>>>>>>>> -----END PGP SIGNATURE----- >>>>>>>>>> _______________________________________________ >>>>>>>>>> >>>>>>>>>> http://openpgpjs.org >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> >>>>>>> http://openpgpjs.org >>>>>>> >>>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> >>>>>> http://openpgpjs.org >>>>>> >>>>>> >>>>> >>>> >>>> _______________________________________________ >>>> >>>> http://openpgpjs.org >>>> >>>> >>> >>> _______________________________________________ >>> >>> http://openpgpjs.org >>> >>> > > _______________________________________________ > > http://openpgpjs.org > >
_______________________________________________ http://openpgpjs.org
