Hash Speed Test

[Back] This page provides some tests for Hash performance evaluation [View hashes]

Parameters

Message: The quick brown fox jumps over the lazy dog

Note: Each test is done for 40 hashes
Note: Bcrypt takes five rounds
Note: PBKDF2 takes five rounds

Method: Hashes per second SHA-1: 110917 SHA-256: 105554 SHA-512: 69341 MD5: 117610 SHA-3 (224-bit): 65433 DES: 153 Bcrypt: 184 APR1: 224 PBKDF2 (SHA1): 2228 PBKDF2 (SHA-256): 5791 LM Hash: 900 NT Hash: 21595 MS DCC: 26568 LDAP (MD5): 10953 LDAP (SHA1): 36576 MS SQL 2000: 11569 MySQL: 20804 Oracle 10: 117 Postgres (MD5): 21053 Cisco PIX: 12200 Cisco Type 7: 10712 Murmur: 1474904 Hashes SHA-1 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 SHA-256 d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592 SHA-512 07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6 MD-5: 9e107d9d372bb6826bd81d3542a419d6 DES: ZDeS94Lcq/6zg Bcrypt: $2a$05$1qxn6ZD1uvdAwCC/XmuM1eKTib4TCzJWIUzcgL1C05QLuJnxHZ7Fu APR1: $apr1$ZDzPE45C$3PvRanPycmNc6c2G9wT9b/ PBKDF2 (SHA1): $pbkdf2$5$WkR6UEU0NUM$0RB2bimWrMY.EPYibpaBT2q3HFg PBKDF2 (SHA-256): $pbkdf2-sha256$5$WkR6UEU0NUM$yrJz2oJix7uBJZwZ/50vWUgdEI/i0ffqeU4obqC0pk4 LM Hash: a7b07f9948d8cc7f97c4b0b30cae500f NT Hash: 4e6a076ae1b04a815fa6332f69e2e231 MS DCC: efa9778bbc94a7360f664eb7d7144725 LDAP (MD5): {MD5}9e107d9d372bb6826bd81d3542a419d6 LDAP (SHA1): {SHA}2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 MS SQL 2000: 0x01008B9192D21C341553D7736884EB3910D07BAD4E51E3D06E96FC080BE3B80C996C692CD21489251C3349A3DA1E MySQL: *A4E4D26FD0C6455E23E2187C3AABE844332AA1B3 Oracle 10: 4CDA2299FCAD0499 Postgres (MD5): md5d44c15daa11770f25c5350f7e5408dd1 Cisco PIX: kGyKN5CqdFQ1qJUs Cisco Type 7: 15260309443B3E2D2B3875200108010D41505640135E1B0E080519574156401540035E460B594D1D53020B5C

Sample run

If a hash method is fast it can be broken easier than a slower one, but one that is fast can be used to quickly hash values.

For a sample run, we can now rank in classifications:

Ulta fast:
Murmur:	        545,716 hashes per second

Fast: 
SHA-1:          134,412
SHA-256:        126,323
MD5:            125,741
SHA-512:         76,005
SHA-3 (224-bit): 72,089

Medium speed:
LDAP (SHA1):	13,718
MS DCC:	         9,582
NT Hash:         7,782
MySQL:	         7,724
Postgres (MD5):	 7,284

Slow:
PBKDF2 (SHA-256): 5,026
Cisco PIX:        4,402
MS SQL 2000:      4,225
LDAP (MD5):       4,180
Cisco Type 7:     3,775
PBKDF2 (SHA1):	  2,348

Ulta-slow:
LM Hash:          733
APR1:             234
Bcrypt:           103
DES:               88
Oracle 10:         48

We can see, for speed, that Murmur wipes the floor with the rest, with MD5, SHA-1 and SHA-256 all coming in at around the same speed. For the slowcoaches we include Bcrypt, Oracle 10 and ARP1. With Bcrypt and PBKDF2 we have only done five rounds, so in real-life these methods would be even slower. So if you want to slow down an intruder ... use Bcrypt or PBKDF2.

Code

In the code we compute the hash 40 times and measure the time. The outline of the code used is:

import timeit
from time import time
import sys
from hashlib import md5
import passlib.hash;
import mmh3    
import smhasher 
import bcrypt

num = 30
repeat_n=1
salt="ZDzPE45C"
string="the boy stood on the burning deck"
salt2="1111111111111111111111"

setup_c="""
from hashlib import md5
import mmh3
import smhasher
import hashlib
import passlib.hash;
#import pyhash
salt="ZDzPE45C"
string="the boy stood on the burning deck"
salt2="1111111111111111111111"

"""


import hashlib;
import passlib.hash;
import sys;

import warnings
warnings.filterwarnings("ignore", category=DeprecationWarning) 

print ("Word: ",string)
print ("Salt: ",salt)

print("\nMethod:\t\t\tHashes per second")
t=timeit.timeit(stmt="hashlib.sha1(string.encode()).hexdigest()", setup=setup_c, number=num)
print("SHA-1:\t\t\t",int(40/t))
t=timeit.timeit(stmt="hashlib.sha256(string.encode()).hexdigest()", setup=setup_c,  number=num)
print("SHA-256:\t\t",int(40/t))

t=timeit.timeit(stmt="hashlib.sha512(string.encode()).hexdigest()", setup=setup_c,  number=num)
print("SHA-512:\t\t",int(40/t))

t=timeit.timeit(stmt="md5(string.encode()).hexdigest()", setup=setup_c,  number=num)
print("MD5:\t\t\t",int(40/t))

t=timeit.timeit(stmt="passlib.hash.des_crypt.encrypt(string.encode(), salt=salt[:2])", setup=setup_c,  number=num)
print("DES:\t\t\t",int(40/t))

# t=timeit.timeit(stmt="bcrypt.kdf(string.encode(),salt=salt.encode(),desired_key_bytes=32,rounds=100 )", setup=setup_c,  number=num)

# print("Bcrypt:\t\t\t",int(40/t))

# t= timeit.timeit(stmt="passlib.hash.apr_md5_crypt.encrypt(string.encode(), salt=salt)", setup=setup_c,  number=num)
# print("APR1:\t\t\t",int(40/t))

#print "PHPASS:\t\t\t",  timeit.timeit(stmt="passlib.hash.phpass.encrypt(string, salt=salt)", setup=setup_c,  number=num)

t= timeit.timeit(stmt="passlib.hash.pbkdf2_sha1.encrypt(string.encode(),rounds=5, salt=salt.encode())", setup=setup_c,  number=num)
print("PBKDF2 (SHA1):\t\t",int(40/t))

t=timeit.timeit(stmt="passlib.hash.pbkdf2_sha256.encrypt(string.encode(),rounds=5, salt=salt.encode())", setup=setup_c,  number=num)
print("PBKDF2 (SHA-256):\t",int(40/t))

t= timeit.timeit(stmt="passlib.hash.lmhash.encrypt(string.encode())", setup=setup_c,  number=num)
print("LM Hash:\t\t",int(40/t))

t=timeit.timeit(stmt="passlib.hash.nthash.encrypt(string.encode())", setup=setup_c,  number=num)
print("NT Hash:\t\t",int(40/t))

t=timeit.timeit(stmt="passlib.hash.msdcc.encrypt(string.encode(), salt)", setup=setup_c,  number=num)
print("MS DCC:\t\t\t",int(40/t))

t= timeit.timeit(stmt="passlib.hash.ldap_hex_md5.encrypt(string.encode())", setup=setup_c,  number=num)
print("LDAP (MD5):\t\t",int(40/t))

t=timeit.timeit(stmt="passlib.hash.ldap_hex_sha1.encrypt(string.encode())", setup=setup_c,  number=num)

print("LDAP (SHA1):\t\t",int(40/t))

t=timeit.timeit(stmt="passlib.hash.atlassian_pbkdf2_sha1.encrypt(string.encode())", setup=setup_c,  number=num)
print("LDAP (Lass):\t\t",int(40/t))


t=timeit.timeit(stmt="passlib.hash.mssql2000.encrypt(string.encode())", setup=setup_c,  number=num)
print("MS SQL 2000:\t\t",int(40/t))

t=timeit.timeit(stmt="passlib.hash.mysql41.encrypt(string.encode())", setup=setup_c,  number=num)
print("MySQL:\t\t\t",int(40/t))

t= timeit.timeit(stmt="passlib.hash.oracle10.encrypt(string.encode(), user=salt)", setup=setup_c,  number=num)
print("Oracle 10:\t\t",int(40/t))

t= timeit.timeit(stmt="passlib.hash.postgres_md5.encrypt(string.encode(), user=salt)", setup=setup_c,  number=num)
print("Postgres (MD5):\t\t",int(40/t))

t= timeit.timeit(stmt="passlib.hash.cisco_pix.encrypt(string[:16].encode(), user=salt.encode())", setup=setup_c,  number=num)
print("Cisco PIX:\t\t",int(40/t))

t=timeit.timeit(stmt="passlib.hash.cisco_type7.encrypt(string.encode())", setup=setup_c,  number=num)
print("Cisco Type 7:\t\t",int(40/t))


t=timeit.timeit(stmt="mmh3.hash_bytes(string)", setup=setup_c,  number=num)
print("Murmur:\t\t\t",int(40/t))

print("\nHashes")
print("SHA-1\t",hashlib.sha1(string.encode()).hexdigest())
print("SHA-256\t",hashlib.sha256(string.encode()).hexdigest())
print("SHA-512\t",hashlib.sha512(string.encode()).hexdigest())

print("MD-5:\t\t\t", md5(string.encode()).hexdigest())
print("DES:\t\t\t",  passlib.hash.des_crypt.encrypt(string.encode(), salt=salt[:2]))

print("Bcrypt:\t\t\t", bcrypt.kdf(string.encode(),salt=salt.encode(),desired_key_bytes=32,rounds=100 ).hex())

print("APR1:\t\t\t",  passlib.hash.apr_md5_crypt.encrypt(string.encode(), salt=salt))

print("PBKDF2 (SHA1):\t\t",  passlib.hash.pbkdf2_sha1.encrypt(string.encode(),rounds=5, salt=salt.encode()))
print("PBKDF2 (SHA-256):\t", passlib.hash.pbkdf2_sha256.encrypt(string,rounds=5, salt=salt.encode()))

print("LM Hash:\t\t",  passlib.hash.lmhash.encrypt(string.encode()))
print("NT Hash:\t\t",  passlib.hash.nthash.encrypt(string.encode()))
print("MS DCC:\t\t\t",  passlib.hash.msdcc.encrypt(string.encode(), salt))

print("LDAP (MD5):\t\t", passlib.hash.ldap_hex_md5.encrypt(string.encode()))
print("LDAP (SHA1):\t\t",  passlib.hash.ldap_hex_sha1.encrypt(string.encode()))

print("MS SQL 2000:\t\t",  passlib.hash.mssql2000.encrypt(string.encode()))
print("MySQL:\t\t\t",  passlib.hash.mysql41.encrypt(string.encode()))
print("Oracle 10:\t\t",  passlib.hash.oracle10.encrypt(string.encode(), user=salt))
print("Postgres (MD5):\t\t", passlib.hash.postgres_md5.encrypt(string.encode(), user=salt))
print("Cisco PIX:\t\t",  passlib.hash.cisco_pix.encrypt(string[:16].encode(), user=salt))
print("Cisco Type 7:\t\t",  passlib.hash.cisco_type7.encrypt(string.encode()))