Java Keystore is giving performance issue? -

-

this question has answer here:

we have developed application encrypt/decrypt request/response from/to server. doing performance testing of encryption/decryption application have observed encryption/decryption process taking time, while many threads doing @ same time. identify issue, have logged every methods part of encryption/decryption process. logger have found key fetching process taking 70-80% of time overall time of process.

  1. we have used aes algorithm encryption/decryption
  2. aes key stored in key store unique id.
  3. before encryption/decryption process, fetch aes key stored against unique id key store & perform encryption/decryption.
  4. performance getting worse when key store size getting increased.

on further analysis, have found key store internally using hashtable. giving performance issue?

when key store size 2002 --- tps 85 key store size 14007 -- tps 38

please help.

note: answer bases on assumptions not provide details on used keystore format (jks, bks, jceks, ...).

i assume every time need key, load java keystore file (jks format).

the key store protected password , if don't use (empty password) password string used generate encryption key protects java keystore.

your main problem key derivation process password incorporates anti-brute-force algorithm performs 1000 or more iterations of sha1 on password. consumes lot of time intended result exists slowing down brute-force attacks.

edit: seems jks format not performs operation when loading when loading key.

conclusion: don't load java keystore or key every time. not designed loaded more once in minute.


Comments

Post a Comment

Popular posts from this blog

java - Suppress Jboss version details from HTTP error response -

-
my jboss verson jboss eap 6.3 when kind of error response sent jboss, adds server information response. following sample row response: http/1.1 400 bad request server: apache-coyote/1.1 content-type: text/html;charset=utf-8 content-length: 2391 date: tue, 19 jul 2016 09:30:46 gmt connection: close jboss web/7.4.8.final-redhat-4 - jbweb000064: error report jbweb000065: http status 400 - org.codehaus.jackson.map.jsonmappingexception: can not construct instance of mybean.type string value 'xyz': value not 1 of declared enum instance names @ [source: org.jboss.resteasy.core.interception.messagebodyreadercontextimpl$inputstreamwrapper@5e421c2b; line: 14, column: 26] (through reference chain: requestargs["request"]) jbweb000309: type jbweb000067: status report jbweb000068: message org.codehaus.jackson.map.jsonmappingexception: can not construct instance of mybean.type string value 'xyz': value not 1 of declared enum instance names @ [source: org.jboss...
Read more

gridview - Yii2 DataPorivider $totalSum for a column -

-
i have order , ordersearch models. in order list (actionindex) gridview there filtering , sorting. on of columns in order order_total (sum of products in order). i need implement sum of order_total in gridview. if manually counting activedataprovider->getmodels() array_map spend 3 seconds 3000 orders (localhost). don't want miss time. i see 2 ways make faster: create cache every filter , update lifetime (horrible) the interesting can right in ordersearch->search() method $query method. don't understand how can pass in controller. example of code 2nd way: class ordersearch extends order { public $totalsum; public function search($params) { $query = order::find(); $dataprovider = new activedataprovider([ 'query' => $query, ]); $this->load($params); $this->totalsum = $query->sum('order_total'); // works fast return $dataprovider; } } after i...
Read more

Sass watch command compiles .scss files before full sftp upload -

-
i use winscp download , edit .scss files , sass on linux (on server) compile them .css . after saving file, use: sass scss/style.scss css/style.css , replaces css file compiled sccs. the problem i want skip part return command line after editing scss file, sake of automation , saving time. but, if use watch command: sass --watch scss/style.scss:css/style.css synchronize 2 files, alerts nonexistent css errors pop up: change detected to: scss/style.scss error scss/style.scss (line 232: invalid css after "...ht: bold; line-": expected "{", "") note that when file uploads quicker usual (sometimes happens) watch command job, no errors. this because, when file upload takes time, sass compiles scss file (on server) before uploaded remote folder. thus, compiles part of file, resulting in css errors. is there way set timer watch command waits few seconds after detects changes , before compiling? any other way overcome is, of course, ...
Read more