You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using PBE within a webapp to encrypt data on a per user basis. This appeared to work Ok, but I noticed my app was dying with an OOM error when I deployed it to fly.io. Further investigation shows that a single scrypt-based encryption is using over 500Mb which seems to be the cause. I've created a repo with the code I used to test the issue and added the output from heaptrack
I would like to be able to limit or set the work factor to cap memory usage - I notice there was a previous PR, #334, which did this, so I can create a fork along similar lines and use that with hard-coded values.
You mentioned a necessary refactor due to plans in the Go implementation to change PBE. Do you have a reference or a link for that? I realise there are different expectations between using a CLI to encrypt files and an API in an app, but it would be nice to have more control in the latter case since I have no control over how the work-factor is assigned on the cloud-based system and the performance-based work-factor estimate will also have an impact on the memory used.
The text was updated successfully, but these errors were encountered:
The refactor was completed in #507, and there's now an age::scrypt::Identity that has a set_max_work_factor method (replacing the previous argument to passphrase-based decryption). I'll add an equivalent set_work_factor method to the new age::scrypt::Recipient type, enabling library-based workflows to override the default (the rage CLI app, and the existing Encryptor::with_user_passphrase method, will remain unconfigurable in this regard).
This can only be configured by using `scrypt::Recipient` directly in a
library context. The helper method `Encryptor::with_user_passphrase`
does not expose this, and `rage` continues to use the default.
Closes#383.
I'm using PBE within a webapp to encrypt data on a per user basis. This appeared to work Ok, but I noticed my app was dying with an OOM error when I deployed it to fly.io. Further investigation shows that a single scrypt-based encryption is using over 500Mb which seems to be the cause. I've created a repo with the code I used to test the issue and added the output from heaptrack
I would like to be able to limit or set the work factor to cap memory usage - I notice there was a previous PR, #334, which did this, so I can create a fork along similar lines and use that with hard-coded values.
You mentioned a necessary refactor due to plans in the Go implementation to change PBE. Do you have a reference or a link for that? I realise there are different expectations between using a CLI to encrypt files and an API in an app, but it would be nice to have more control in the latter case since I have no control over how the work-factor is assigned on the cloud-based system and the performance-based work-factor estimate will also have an impact on the memory used.
The text was updated successfully, but these errors were encountered: