added 7 characters in body

Source Link

edited Nov 19 at 5:39

377
2
3
9

In our system we are hashing passwords with the following method.

public static string HashPassword(string password, byte[] salt)
{
    if (salt == null)
    {
        throw new ArgumentNullException($"{nameof(salt)}");
    }

    var pbkdf2 = new Rfc2898DeriveBytes(
        password,
        salt,
        Iterations,
        HashingAlgorithm
    );

    byte[] hash = pbkdf2.GetBytes(KeySize);

    return $"{Convert.ToBase64String(salt)}{SaltEndMarker}{Convert.ToBase64String(hash)}";
}

For maintenance reasons, we want to set initial hash in the database. As this is a complex algorithm, I thought to use a SQL CLR function, instead of implementing the algorithm directly in SQL. The SQL CLR function approach works, but in comparison to the pure .NET App, is slower in the order of 2-3 magnitudes.

I did some experiments by changing the number of iterations, 1000 takes less than 1 sec, 10K takes 7 sec and 100K 70 sec.

Does anyone have an explanation why the SQL CLR function vs pure .NER App difference? How can it be sped up?

Edited:

SQL server version: Microsoft SQL Server 2019
I know that the number of iterations should be greater than 10K. I tried with different values to see how the execution time changes.

In our system we are hashing passwords with the following method.

public static string HashPassword(string password, byte[] salt)
{
    if (salt == null)
    {
        throw new ArgumentNullException($"{nameof(salt)}");
    }

    var pbkdf2 = new Rfc2898DeriveBytes(
        password,
        salt,
        Iterations,
        HashingAlgorithm
    );

    byte[] hash = pbkdf2.GetBytes(KeySize);

    return $"{Convert.ToBase64String(salt)}{SaltEndMarker}{Convert.ToBase64String(hash)}";
}

For maintenance reasons, we want to set initial hash in the database. As this is a complex algorithm, I thought to use a SQL CLR function, instead of implementing the algorithm directly in SQL. The SQL CLR function approach works, but in comparison to the pure .NET App, is slower in the order of 2-3 magnitudes.

I did some experiments by changing the number of iterations, 1000 takes less than 1 sec, 10K takes 7 sec and 100K 70 sec.

Does anyone have an explanation why the SQL CLR function vs pure .NER App difference? How can it be sped up?

SQL server version: Microsoft SQL Server 2019
I know that the number of iterations should be greater than 10K. I tried with different values to see how the execution time changes.

In our system we are hashing passwords with the following method.

public static string HashPassword(string password, byte[] salt)
{
    if (salt == null)
    {
        throw new ArgumentNullException($"{nameof(salt)}");
    }

    var pbkdf2 = new Rfc2898DeriveBytes(
        password,
        salt,
        Iterations,
        HashingAlgorithm
    );

    byte[] hash = pbkdf2.GetBytes(KeySize);

    return $"{Convert.ToBase64String(salt)}{SaltEndMarker}{Convert.ToBase64String(hash)}";
}

For maintenance reasons, we want to set initial hash in the database. As this is a complex algorithm, I thought to use a SQL CLR function, instead of implementing the algorithm directly in SQL. The SQL CLR function approach works, but in comparison to the pure .NET App, is slower in the order of 2-3 magnitudes.

I did some experiments by changing the number of iterations, 1000 takes less than 1 sec, 10K takes 7 sec and 100K 70 sec.

Does anyone have an explanation why the SQL CLR function vs pure .NER App difference? How can it be sped up?

Edited:

SQL server version: Microsoft SQL Server 2019
I know that the number of iterations should be greater than 10K. I tried with different values to see how the execution time changes.

deleted 3 characters in body; edited title

Source Link

edited Nov 18 at 14:32

Dale K

28.1k
15
59
85

SQL CLR function bad performance comparing to .Net appNET App

In our system we are hashing passwords with the following method.

public static string HashPassword(string password, byte[] salt)
{
    if (salt == null)
    {
        throw new ArgumentNullException($"{nameof(salt)}");
    }

    var pbkdf2 = new Rfc2898DeriveBytes(
        password,
        salt,
        Iterations,
        HashingAlgorithm
    );

    byte[] hash = pbkdf2.GetBytes(KeySize);

    return $"{Convert.ToBase64String(salt)}{SaltEndMarker}{Convert.ToBase64String(hash)}";
}

For maintenance reasons, we want to set initial hash in the database. As this is a complex algorithm, I thought to use a SQL CLR function, instead of implementing the algorithm directly in SQL. The SQL CLR function approach works, but in comparison to the pure .Net appNET App, is slower in the order of 2-3 magnitudes.

I did some experiments by changing the number of Iterationsiterations, 1000 takes less than 1 sec, 10K takes 7 sec and 100K 70 sec.

Does anyone have an explanation why the SQL CLR function vs pure .Net appNER App difference? How can it be sped up?

Edited

SQL server version: Microsoft SQL Server 2019
I know that the number of Iterationiterations should be greater than 10K. I tried with different values to see how the execution time changes.

SQL CLR function bad performance comparing to .Net app

In our system we are hashing passwords with the following method.

public static string HashPassword(string password, byte[] salt)
{
    if (salt == null)
    {
        throw new ArgumentNullException($"{nameof(salt)}");
    }

    var pbkdf2 = new Rfc2898DeriveBytes(
        password,
        salt,
        Iterations,
        HashingAlgorithm
    );

    byte[] hash = pbkdf2.GetBytes(KeySize);

    return $"{Convert.ToBase64String(salt)}{SaltEndMarker}{Convert.ToBase64String(hash)}";
}

For maintenance reasons, we want to set initial hash in the database. As this is a complex algorithm, I thought to use SQL CLR function, instead of implementing the algorithm directly in SQL. The SQL CLR function approach works, but in comparison to pure .Net app, is slower in the order of 2-3 magnitudes.

I did some experiments by changing the number of Iterations, 1000 takes less than 1 sec, 10K takes 7 sec and 100K 70 sec.

Does anyone have an explanation why the SQL CLR function vs pure .Net app difference? How can it be sped up?

Edited

SQL server version: Microsoft SQL Server 2019
I know that the number of Iteration should be greater than 10K. I tried with different values to see how the execution time changes.

SQL CLR function bad performance comparing to .NET App

In our system we are hashing passwords with the following method.

public static string HashPassword(string password, byte[] salt)
{
    if (salt == null)
    {
        throw new ArgumentNullException($"{nameof(salt)}");
    }

    var pbkdf2 = new Rfc2898DeriveBytes(
        password,
        salt,
        Iterations,
        HashingAlgorithm
    );

    byte[] hash = pbkdf2.GetBytes(KeySize);

    return $"{Convert.ToBase64String(salt)}{SaltEndMarker}{Convert.ToBase64String(hash)}";
}

For maintenance reasons, we want to set initial hash in the database. As this is a complex algorithm, I thought to use a SQL CLR function, instead of implementing the algorithm directly in SQL. The SQL CLR function approach works, but in comparison to the pure .NET App, is slower in the order of 2-3 magnitudes.

I did some experiments by changing the number of iterations, 1000 takes less than 1 sec, 10K takes 7 sec and 100K 70 sec.

Does anyone have an explanation why the SQL CLR function vs pure .NER App difference? How can it be sped up?

SQL server version: Microsoft SQL Server 2019
I know that the number of iterations should be greater than 10K. I tried with different values to see how the execution time changes.

edited body

Source Link

edited Nov 18 at 13:57

siggemannen

10.1k
3
12
37

In our system we are hashing passwords with the following method.

public static string HashPassword(string password, byte[] salt)
{
    if (salt == null)
    {
        throw new ArgumentNullException($"{nameof(salt)}");
    }

    var pbkdf2 = new Rfc2898DeriveBytes(
        password,
        salt,
        Iterations,
        HashingAlgorithm
    );

    byte[] hash = pbkdf2.GetBytes(KeySize);

    return $"{Convert.ToBase64String(salt)}{SaltEndMarker}{Convert.ToBase64String(hash)}";
}

For maintenance reasons, we want to set initial hash in the database. As this is a complex algorithm, I thought to use SQL CLR function, instead of implementing the algorithm directly in SQL. The SQL CLR function approach works, but in comparison to pure .Net app, is slower in the order of 2-3 magnitudes.

I did some experiments by changing the number of Iterations, 1000 takes less than 1 sec, 10K takes 7 sec and 100K 70 sec.

Does anyone have an explanation why the SQL CLR function vs pure .Net app difference? How can it be sped up?

Edited

SQL server version: Microsoft SQL Server 2019
I know that the number of Iteration should be graetergreater than 10K. I tried with different values to see how the execution time changes.

In our system we are hashing passwords with the following method.

public static string HashPassword(string password, byte[] salt)
{
    if (salt == null)
    {
        throw new ArgumentNullException($"{nameof(salt)}");
    }

    var pbkdf2 = new Rfc2898DeriveBytes(
        password,
        salt,
        Iterations,
        HashingAlgorithm
    );

    byte[] hash = pbkdf2.GetBytes(KeySize);

    return $"{Convert.ToBase64String(salt)}{SaltEndMarker}{Convert.ToBase64String(hash)}";
}

For maintenance reasons, we want to set initial hash in the database. As this is a complex algorithm, I thought to use SQL CLR function, instead of implementing the algorithm directly in SQL. The SQL CLR function approach works, but in comparison to pure .Net app, is slower in the order of 2-3 magnitudes.

I did some experiments by changing the number of Iterations, 1000 takes less than 1 sec, 10K takes 7 sec and 100K 70 sec.

Does anyone have an explanation why the SQL CLR function vs pure .Net app difference? How can it be sped up?

Edited

SQL server version: Microsoft SQL Server 2019
I know that the number of Iteration should be graeter than 10K. I tried with different values to see how the execution time changes.

In our system we are hashing passwords with the following method.

public static string HashPassword(string password, byte[] salt)
{
    if (salt == null)
    {
        throw new ArgumentNullException($"{nameof(salt)}");
    }

    var pbkdf2 = new Rfc2898DeriveBytes(
        password,
        salt,
        Iterations,
        HashingAlgorithm
    );

    byte[] hash = pbkdf2.GetBytes(KeySize);

    return $"{Convert.ToBase64String(salt)}{SaltEndMarker}{Convert.ToBase64String(hash)}";
}

For maintenance reasons, we want to set initial hash in the database. As this is a complex algorithm, I thought to use SQL CLR function, instead of implementing the algorithm directly in SQL. The SQL CLR function approach works, but in comparison to pure .Net app, is slower in the order of 2-3 magnitudes.

I did some experiments by changing the number of Iterations, 1000 takes less than 1 sec, 10K takes 7 sec and 100K 70 sec.

Does anyone have an explanation why the SQL CLR function vs pure .Net app difference? How can it be sped up?

Edited

SQL server version: Microsoft SQL Server 2019
I know that the number of Iteration should be greater than 10K. I tried with different values to see how the execution time changes.

added 26 characters in body

Source Link

edited Nov 18 at 13:03

Cerkvenic

377
2
3
9

Loading

added 60 characters in body

Source Link

edited Nov 18 at 12:56

Cerkvenic

377
2
3
9

Loading

edited tags

Link

edited Nov 18 at 12:53

jarlh

44.9k
8
52
68

Loading

added 60 characters in body

Source Link

edited Nov 18 at 12:53

Cerkvenic

377
2
3
9

Loading

deleted 132 characters in body

Source Link

edited Nov 18 at 12:15

Jon Skeet

1.5m
893
9.3k
9.3k

Loading

Source Link

asked Nov 18 at 12:07

Cerkvenic

377
2
3
9

Loading

Collectives™ on Stack Overflow

Return to Question

SQL CLR function bad performance comparing to .Net appNET App

SQL CLR function bad performance comparing to .Net app

SQL CLR function bad performance comparing to .NET App