Repetition Count Tuning for XML Authentication Policy
A use case was designed with XML authentication policy. For XML authentication policy, the username and password used during authentication are set in an XML file. This file consists of a parameter called the
repetitionCount, which is the number of iterations used to compute the hash for the password. The higher the
repetitionCount, the harder it becomes for an attacker to crack the password. However, using a higher repetition consumes more CPU time during the password verification. The default value is 1000. The following image shows an example of the XML file:
In this particular use case, it was observed that the throughput was low and the service was not scalable although the resources were available.
Testing and Measurement
The testing was focused on the aspects below:
- Load tests were run with a fixed concurrency and the default repetitionCount (1000).
- The results provided very low throughput. This was analyzed and the analysis showed that the calls most of the time was spent in the calls related to computing the hash for the password.
- Since the hashing is determined by the repetitionCount, this parameter value was reduced to 1 and the tests were run with the same concurrency.
Copyright © Cloud Software Group, Inc. All rights reserved.