Benchmarking Blowfish

benchfish.md

MacBook Pro 13" i7 @ 2.7GHz, 16GB

4 rounds mean (from 100 iters): 0.00127s per call (~784.45 hashes/s)
5 rounds mean (from 100 iters): 0.00236s per call (~423.79 hashes/s)
6 rounds mean (from 100 iters): 0.00454s per call (~220.03 hashes/s)
7 rounds mean (from 100 iters): 0.01016s per call (~98.45 hashes/s)
8 rounds mean (from 100 iters): 0.01793s per call (~55.78 hashes/s)
9 rounds mean (from 100 iters): 0.03526s per call (~28.36 hashes/s)
10 rounds mean (from 71 iters): 0.07035s per call (~14.22 hashes/s)
11 rounds mean (from 35 iters): 0.14112s per call (~7.09 hashes/s)
12 rounds mean (from 17 iters): 0.28184s per call (~3.55 hashes/s)
13 rounds mean (from 8 iters): 0.56156s per call (~1.78 hashes/s)
14 rounds mean (from 4 iters): 1.12450s per call (~0.89 hashes/s)
15 rounds mean (from 2 iters): 2.25992s per call (~0.44 hashes/s)
16 rounds mean (from 1 iters): 4.52169s per call (~0.22 hashes/s)
17 rounds mean (from 0 iters): 9.01126s per call (~0.11 hashes/s)
18 rounds mean (from 0 iters): 18.12730s per call (~0.06 hashes/s)
19 rounds mean (from 0 iters): 36.46308s per call (~0.03 hashes/s)
20 rounds mean (from 0 iters): 73.36482s per call (~0.01 hashes/s)

VPS on (Shared) Intel Xeon CPU E5620 @ 2.40GHz, 512MB

4 rounds mean (from 100 iters): 0.00159s per call (~628.96 hashes/s)
5 rounds mean (from 100 iters): 0.00299s per call (~334.41 hashes/s)
6 rounds mean (from 100 iters): 0.00570s per call (~175.57 hashes/s)
7 rounds mean (from 100 iters): 0.01109s per call (~90.17 hashes/s)
8 rounds mean (from 100 iters): 0.02220s per call (~45.05 hashes/s)
9 rounds mean (from 100 iters): 0.04413s per call (~22.66 hashes/s)
10 rounds mean (from 55 iters): 0.08720s per call (~11.47 hashes/s)
11 rounds mean (from 28 iters): 0.17522s per call (~5.71 hashes/s)
12 rounds mean (from 14 iters): 0.35067s per call (~2.85 hashes/s)
13 rounds mean (from 7 iters): 0.69691s per call (~1.43 hashes/s)
14 rounds mean (from 3 iters): 1.40740s per call (~0.71 hashes/s)
15 rounds mean (from 1 iters): 2.81879s per call (~0.35 hashes/s)
16 rounds mean (from 1 iters): 5.58985s per call (~0.18 hashes/s)
17 rounds mean (from 1 iters): 11.19499s per call (~0.09 hashes/s)
18 rounds mean (from 1 iters): 22.67917s per call (~0.04 hashes/s)
19 rounds mean (from 1 iters): 45.31955s per call (~0.02 hashes/s)
20 rounds mean (from 1 iters): 89.72006s per call (~0.01 hashes/s)

benchfish.php

<?php
error_reporting(E_ALL);
ini_set('display_errors', true);

/**
 * Benchmark blowfish execution time with different #rounds.
 * @author Tom Hennigan <[email protected]>
 * @date 24-12-2012
 */

$test = function ($rounds) {
  // We use a static salt to avoid benchmarking the RNG as well.
  $notSoRandomSalt = 'OMbSIk2dfA0cY0p.cAGMje';
  $hashStr = sprintf('$2a$%02d$%s', $rounds, $notSoRandomSalt);
  return crypt('testPassword', $hashStr);
};

// We could go up to 31, but above 20 the hashes take > 1min to compute on
// modern hardware, so aren't particuarly practical in most applications.
$testParams = range(4, 20);

foreach ($testParams as $testParam) {
  $times = array();

  if (!is_array($testParam)) {
    // Single arg to test, wrap for call_user_func_array.
    $testParam = array($testParam);
  }

  // Bench once to estimate number of tests to take.
  $start = microtime(true);
  call_user_func_array($test, $testParam);
  $taken = microtime(true) - $start;
  $times[] = $taken;

  // 100 times or < 5s per test.
  $maxExecutionTime = 5;
  if ($taken > $maxExecutionTime) {
    $iters = 1;
  } else {
    // If we're going to take the mean then work out how many iterations.
    $iters = min(100, $maxExecutionTime / $taken);
    for ($i = 1; $i < $iters; $i++) {
      $start = microtime(true);
      call_user_func_array($test, $testParam);
      $taken = microtime(true) - $start;
      $times[] = $taken;
    }
  }

  $meanTime = array_sum($times) / count($times);
  printf("%s rounds mean (from %d iters): %.5fs per call (~%.2f hashes/s)\n", implode(',', $testParam), $iters, $meanTime, 1 / $meanTime);
}