Skip to content

perf: random tokens do not need to be hashed #313

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 25, 2024
Merged

perf: random tokens do not need to be hashed #313

merged 2 commits into from
Jul 25, 2024

Conversation

@dhensby
Copy link
Contributor

@dhensby dhensby commented Jul 24, 2024
edited
Loading

There are some wasted CPU cycles when generating the random tokens.

There's no need to generate extra random bytes only to hash them. A random input will lead to a random hash being generated, but the random input is enough in its own right and does not need to be hashed to make it any more or less secure. The amount of entropy is capped at 32 bytes when hashed, so we may as well just provide 32 random bytes.

As an added bonus, this also returns the method to a true non-blocking async function.

@dhensby
perf: random tokens do not need to be hashed
7ca62ee 
There's no need to generate extra random bytes only to hash them. A random input
will lead to a random hash being generated, but the random input is enough in its
own right and does not need to be hashed to make it any more or less secure. The
amount of entropy is capped at 32 bytes when hashed, so we may as well just provide
32 random bytes.
@jankapunkt
Copy link
Member

jankapunkt commented Jul 25, 2024

@dhensby thanks for the improvement. Do you have experience with performance tests? I think they would be a great addition in the long run for methods like these.

@dhensby
Copy link
Contributor Author

dhensby commented Jul 25, 2024

I haven't written or run performance tests before. I know there are even more theoretical improvements to be made to performance around random number generation (I know that the uuid lib has done some performance work around that by not hitting randomBytes every time), but it depend how focused on performance we are whether we want to implement those kinds of optimisations.

@dhensby dhensby merged commit bc16601 into node-oauth:master Jul 25, 2024
@dhensby dhensby deleted the pulls/perf-improvement branch July 25, 2024 10:51
@P376EM2 P376EM2 mentioned this pull request Aug 22, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jankapunkt jankapunkt jankapunkt approved these changes

@Uzlopak Uzlopak Awaiting requested review from Uzlopak

@HappyZombies HappyZombies Awaiting requested review from HappyZombies

@jorenvandeweyer jorenvandeweyer Awaiting requested review from jorenvandeweyer

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dhensby @jankapunkt