Some browsers are faster at running these cryptographic routines than others. The results below are from casual (nay, unscientific!) speed measurements in the browsers I had handy on my machine.
- Chrome 26.0.1410.43
- Safari 5.1.8 (6534.58.2)
- Aurora 21.0a2 (2013-03-30)
- Firefox 19.0.2
- Macbook Air late 2010 (3,1), 1.6 GHz Core 2 Duo, 4 GB RAM, OS X 10.6.8
I had to exclude Firefox from the
nacl tests, since it lacks
Hashing strings/bytes with SHA-512
Here we see Safari has the edge. Aurora is oddly slow.
Computing random nonces
This is a thin wrapper over
wins hands-down here. I wonder how good the generated randomness is?
Authenticated encryption using a shared key
These are Salsa20/Poly1305 authenticated encryptions using a precomputed shared key. Broadly speaking, boxing was quicker than unboxing. The browsers perform roughly equally here.
Computing a shared key from public/private keys
These are operations whose runtime is dominated by the computation of
a Curve25519 operation. In three of the
four cases, the operation is used to compute a Diffie-Hellman shared
key from a public key and a secret key; in the remaining case
crypto_box_keypair_from_seed) it is used to compute a public key
from a secret key. Chrome is significantly faster than the other
scrypt Key Derivation Function
Here, Safari is the only browser that underperforms significantly. The
other three all compute an
scrypt-derived key in 2–4 seconds,
using defaults suggested by the
scrypt paper as being suitable for
scrypt is slow. Precompute Diffie-Hellman shared keys where you can.