Hi
I am migrating a Classic ASP website to new hardware and it uses Pbkdf2 to create password hashes.
The old server has a 4-core Intel Xeon X3220 CPU and 4GB RAM (Windows Server 2003), while the new server has dual 10-core Xeon E5-2630 v4 CPUs and 64GB RAM (Windows Server 2012 R2).
Testing with 1,000 random passwords, the old server creates 1,000 hashes in ~70 seconds, but the new, more powerful server, takes ~80 seconds.
Shouldn't the new server be much faster at this process? I was hoping to increase the hash iterations on the new hardware.
Thanks
Kevin
Here's the function that creates the hash:
Public Function HashPassword(ByVal sPassword, ByRef sSalt)
Dim oCrypt
Dim oPrng
Dim sEntropy
Dim sCharset
Dim sHashAlgorithm
Dim iHashIterations
Dim sOutputBitLength
Dim sEncoding
sCharset = "utf-8"
sHashAlgorithm = "sha256"
iHashIterations = 10000
sOutputBitLength = 192
sEncoding = "base64"
Set oCrypt = Server.CreateObject("Chilkat_9_5_0.Crypt2")
If oCrypt.UnlockComponent(Application("chiklatunlockcode")) <> 1 Then
Set oCrypt = Nothing
HashPassword = ""
Response.Write("Crypt2 Unlock Error")
Response.End()
End If
' Set encoding mode (for salt generation) to same as that of the returned key as they must match;
oCrypt.EncodingMode = sEncoding
' Create random 16-byte (128-bit) salt using PRNG
Set oPrng = Server.CreateObject("Chilkat_9_5_0.Prng")
sEntropy = oPrng.GetEntropy(32, sEncoding)
oPrng.AddEntropy sEntropy, sEncoding
sSalt = (oPrng.GenRandom(16 ,sEncoding))
Set oPrng = Nothing
' generate and return key from Pbkdf2; return of salt is through the ByRef salt parameterc
HashPassword = oCrypt.Pbkdf2(sPassword, sCharset, sHashAlgorithm, sSalt, iHashIterations, sOutputBitLength, sEncoding)
Set oCrypt = Nothing
End Function