DES performance in jastypt
-
02-01-2020 - |
Question
Currently we're using PBEWithMD5AndDES as a 2-way encryption algorithm for usernames, email addresses birthdates? It doesn't seem particularly performant (1 minute to read and write 30k DB rows in large batches, with 1 string encrypted string per row).
Does this seem reasonable? Or is there anything better.
Also, its not clear to me whether the default PBEWithMD5AndDES algorithm in jastypt performs multiple iterations or just one.
Solution
Encryption operations are always quite slow. Anyway, if you are using a fixed salt generator, jasypt 1.9.2 includes an optimization that saves some initialization calls and might improve your performance: http://jasypt.org/changelogs/jasypt/ChangeLog.txt
As for iterations, note that iteration in PBE encryption (two-way) is only performed in order to obtain the encryption key (it is obtained by applying a hash function on the password, which is not a byte[] encryption key but an unlimited-strength String). The amount of iterations performed on the hash function that obtains the key can be configured in most encryptor objects by means of a keyObtentionIterations
property (and if not, javadoc will explain the value chosen).
Disclaimer, per stackoverflow rules: I'm jasypt's author.