Comments (6)
Update- I found that one of the keys in key_arns
did not have a replica in my region. Adding a replica key in my region seems to resolve the issue.
However, I'm curious why just having the key in the key_ids stochastically makes it change speed?
from aws-encryption-sdk-python.
Also, it seems that the first decrypt operation is always slower.
TIME ELAPSED:decrypting: 0.0799s
TIME ELAPSED:decrypting: 0.0263s
TIME ELAPSED:decrypting: 0.0277s
Is there some overhead that causes this? Is it possible to preload to avoid?
from aws-encryption-sdk-python.
Hi @timnlupo, thanks for reaching out. Given the same ciphertext, consecutive decryptions should run deterministically. So any timing differences are likely to be caused by either network conditions between your host and AWS, or timing differences on the KMS side.
It's a bit hard to comment any more specifically on timing differences without more details. Can you please answer the following?
- How many keys are in
key_arns
? In which regions do they reside? Are they multi-Region AWS KMS keys? - Where is this benchmark running? Is it running within the same region during each run?
- Can you clarify what you mean by "the faster time" and "the slower time"? Are these timing distributions representative of more runs of your benchmark?
from aws-encryption-sdk-python.
Hey @alex-chew. I figured out one of the issues- turns out I made a mistake configuring environment variables and the ciphertext that I was decrypting with the "slower time" (the second log I linked) was slower because it was encrypted with keys from two different regions. When I re-encrypted the content with two keys that were both in the same region, I could consistently reproduce the "faster time". That problem is solved
However, I noticed that on every run I see a pattern similar to the one below.
TIME ELAPSED:encrypting: 0.3682s
TIME ELAPSED:decrypting: 0.0799s
TIME ELAPSED:decrypting: 0.0263s
TIME ELAPSED:decrypting: 0.0277s
TIME ELAPSED:decrypting: 0.0263s
TIME ELAPSED:decrypting: 0.0277s
TIME ELAPSED:decrypting: 0.0269s
TIME ELAPSED:decrypting: 0.0253s
TIME ELAPSED:decrypting: 0.0234s
TIME ELAPSED:decrypting: 0.0262s
TIME ELAPSED:decrypting: 0.0252s
TIME ELAPSED:decrypting: 0.0287s
TIME ELAPSED:decrypting: 0.0551s
TIME ELAPSED:decrypting: 0.0279s
TIME ELAPSED:decrypting: 0.0284s
TIME ELAPSED:decrypting: 0.0313s
TIME ELAPSED:decrypting: 0.0300s
TIME ELAPSED:decrypting: 0.0284s
TIME ELAPSED:decrypting: 0.0277s
TIME ELAPSED:decrypting: 0.0288s
TIME ELAPSED:decrypting: 0.0271s
I notice the first decrypt (and sometimes other decrypts, eg the 0.0551s
one) take ~3x slower then the fastest. Could a discrepancy this large be explained by the differences in ciphertext?
Not a big deal but I'm curious. Thanks so much.
from aws-encryption-sdk-python.
Hi @timnlupo, glad to hear you were able to figure out the major timing difference.
Could a discrepancy this large be explained by the differences in ciphertext?
Assuming this most recent log is produced by running your original code, then there is no difference in ciphertext because the code decrypts the same ciphertext twenty times. So no significant discrepancy should be expected in the code running on your machine. Instead, the timing difference is more likely to be due to caching, either on the KMS side or perhaps in network routing - but it's hard to say conclusively without more details and diagnostic information.
from aws-encryption-sdk-python.
I'm going to go ahead and close this out, but feel free to re-open it or create a new issue if you have any other questions or concerns.
from aws-encryption-sdk-python.
Related Issues (20)
- Decryption error: 'unpack requires a buffer of 1 bytes'
- Deliver keyrings for Python
- Timeout for StrictAwsKmsMasterKeyProvider HOT 2
- Use of verify_interface HOT 5
- Decrypting database monitoring events HOT 2
- Getting aws encryption sdk error in our Jenkins build while trying to decrypt your .crt file HOT 3
- Feature request: API to pass KMSMasterKeyProviderConfig to key providers' KMS clients
- Support for KMS Attestation when running inside Nitro Enclave HOT 1
- Does AWS Encryption SDK support AES256 encryption/decryption and SHA256 checksum calculation? HOT 2
- Wrong formatting in the deprecated python warning HOT 2
- thread safety? HOT 2
- Feature request: Add support for typing with mypy HOT 2
- CI: Avoid GH throttling via Consolidation
- Remove Exception level logging statements HOT 1
- Decrypt issue HOT 2
- Issue with the /lib64/libc.so.6: version `GLIBC_2.28' not found (required by /var/task/cryptography/hazmat/bindings/_rust.abi3.so) HOT 2
- Logging an exception instead of / and a `raise` pollutes the log with extra traceback.
- Encrypting large ML model files HOT 1
- Update README required version of crypthograpy HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-encryption-sdk-python.