
gevent and strong hashing password method


I am using gevent greenlet so I am very constrained by everything related to CPU computation. And I need to use a strong hashing method for password storage.

When I am not in a gevent context, I have the habit of using bcrypt, but I did this small test:

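import bcrypt
import time

password = b"toto"

# Time one hash at bcrypt's default work factor.
# time.process_time() replaces time.clock(), which was removed in Python 3.8.
start_hash = time.process_time()

hashed = bcrypt.hashpw(password, bcrypt.gensalt())

print('time hash bcrypt %s' % (time.process_time() - start_hash))

# Time one verification: re-hash with the stored salt and compare.
start_compare = time.process_time()

assert bcrypt.hashpw(password, hashed) == hashed

elapsed = time.process_time() - start_compare

print('time check bcrypt %s' % elapsed)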

Which results in:

time hash bcrypt 0.291887
time check bcrypt 0.293343

This takes way too much time to be used as it is in a greenlet.

As a comparison, the same type of computation using the old md5 hash:

time hash md5 4.1e-05
time check hash md5 1.1e-05

What solution do I have?


Solution

  • Gevent works well with network- and IO-bound functions that take advantage of concurrency, but bcrypt does not have this functionality.

    Try using Processlet and ObjectPool. Processlet focuses on CPU-bound tasks, like hashing, not IO-bound tasks. A great example of using bcrypt with Processlet and ObjectPool can be found here.