Pregunta

I'm using PBKDF2, but this applies equally to BCrypt.

Hashing a password with a reasonable number of iterations can easily block for 0.5 seconds. What is a lightweight way to take this out of process? I'm reluctant to setup something like Celery or Gearman just for this operation.

¿Fue útil?

Solución

You could use a thread. This will not block tornado. Say that you have a handler that hashes passwords. Then the two relevant methods might look like this:

import threading

def on_message(self, message):
    # pull out user and password from message somehow
    thread = threading.Thread(target=self.hash_password, args=(user, password))
    thread.start()


def hash_password(self, user, password):
    # do the hash and save to db or check against hashed password

You could either wait for the thread to finish in the on_message method then write the response, or if you don't need to send a response then just let it finish and save the results in the hash_password method.

If you do wait for the thread to finish you have to be careful how you do it. time.sleep will block so you will want to use tornado's non blocking wait instead.

Licenciado bajo: CC-BY-SA con atribución
No afiliado a StackOverflow
scroll top