Use one-shot HMACSHA1.HashData() for Identity TOTP values #36724
PR Title

Use HMACSHA1.HashData() for Identity TOTP values in net6.0 and later.

PR Description

Use the new static HMACSHA1.HashData() method when targeting .NET 6 and later to compute TOTP values for ASP.NET Core Identity.

I originally left this out of #36368 as Microsoft.Extensions.Identity.Core multi-targets which made it non-trivial to update, and also wanted to verify whether adding the hash defines to use the newer methods actually provided performance benefits.

I copied the relevant bits out of the solution into a throw-away console application using BenchmarkDotNet (source) and generated results for net461, netcoreapp2.0, net5.0 and net6.0 before and after the changes, the results of which are below.

The gains are relatively modest, but improve the happy path in all scenarios; the unhappy paths are slower as multiple TOTP codes are tested over the validity window.

I guess the consideration for the team to accept the PR or not is the balance of the additional code for multi-targeting and unhappy path time increase vs. the reduced allocations and time decrease to the happy paths.

Benchmarks Summary
net6.0 in all benchmarked scenarios.

Rfc6238AuthenticationService_GenerateCode - 416 B vs. 80 B (0.19)
Rfc6238AuthenticationService_ValidateCode_Invalid - 928 B vs. 400 B (0.43)
Rfc6238AuthenticationService_ValidateCode_Valid - 672 B vs. 160 B (0.23)
AuthenticatorTokenProvider_ValidateAsync_Invalid - 1,064 B vs. 520 B (0.48)
AuthenticatorTokenProvider_ValidateAsync_Valid - 808 B vs. 280 B (0.34)

Rfc6238AuthenticationService_GenerateCode - 1.141 μs vs. 0.820 μs (0.71)
Rfc6238AuthenticationService_ValidateCode_Valid - 2.120 μs vs. 1.633 μs (0.77)
AuthenticatorTokenProvider_ValidateAsync_Valid - 2.680 μs vs. 2.198 μs (0.82)
Rfc6238AuthenticationService_ValidateCode_Invalid - 2.995 μs vs. 3.981 μs (1.33)
AuthenticatorTokenProvider_ValidateAsync_Invalid - 3.539 μs vs. 4.546 μs (1.28)

Before
After
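
An added example, not code from this pull request or from ASP.NET Core, showing the pattern the description refers to: a multi-targeted TOTP computation that uses the one-shot HMACSHA1.HashData() under a compile-time define and falls back to an HMACSHA1 instance elsewhere, plus a validator that walks the validity window. The class name TotpExample, the 30-second step, the 6-digit code and the ±1 step window are assumptions.

```csharp
using System;
using System.Security.Cryptography;

public static class TotpExample // hypothetical name, not the Identity type
{
    private const long StepSeconds = 30; // assumed time step (RFC 6238 default)

    // RFC 4226 HOTP over an 8-byte big-endian counter, truncated to 6 digits.
    public static int ComputeCode(byte[] key, long counter)
    {
#if NET6_0_OR_GREATER
        // One-shot static API: no HMACSHA1 instance; counter and MAC stay on the stack.
        Span<byte> msg = stackalloc byte[8];
        System.Buffers.Binary.BinaryPrimitives.WriteInt64BigEndian(msg, counter);
        Span<byte> mac = stackalloc byte[20]; // HMAC-SHA1 output size
        HMACSHA1.HashData(key, msg, mac);
#else
        // Older targets: allocate the HMAC instance, the message and the result array.
        byte[] msg = BitConverter.GetBytes(counter);
        if (BitConverter.IsLittleEndian) Array.Reverse(msg);
        byte[] mac;
        using (var hmac = new HMACSHA1(key)) { mac = hmac.ComputeHash(msg); }
#endif
        int offset = mac[19] & 0x0F; // dynamic truncation, RFC 4226 section 5.3
        int binary = ((mac[offset] & 0x7F) << 24) | (mac[offset + 1] << 16)
                   | (mac[offset + 2] << 8) | mac[offset + 3];
        return binary % 1000000;
    }

    // Accepts the current step plus or minus `drift` steps. A wrong code runs the
    // HMAC once for every step in the window before it is rejected.
    public static bool Validate(byte[] key, int code, DateTimeOffset now, int drift = 1)
    {
        long current = now.ToUnixTimeSeconds() / StepSeconds;
        for (int i = -drift; i <= drift; i++)
        {
            if (ComputeCode(key, current + i) == code) return true;
        }
        return false;
    }
}
```

With the RFC 4226 Appendix D test key (the ASCII bytes of "12345678901234567890"), ComputeCode(key, 0) returns 755224 on either branch, which is a quick way to check that both compile targets agree.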