Should Cipher instances be pooled?

R

Rich Carreiro

Is it OK to call Cipher.getInstance() before each decrypt/encrypt
operation, or is it better to reuse an instance (or, in a
multi-threaded environment, have a pool of them)?

This came up because I'm working on something that uses nCipher's JCE
provider and there appear to be resource leaks internal to nCipher's
code. As part of trying to work around that, I wrote some test code
that can switch between calling Cipher.getInstance() before each
encrypt/decrypt operation or reusing a pool of Cipher instances.

(The encrypts/decrypts are all AES using CBC).

To my surprise, even with the vanilla SunJCE provider, reusing Cipher
instances -- even when having several threads using a Cipher instance
pool as small as a single instance -- ran considerably faster than
calling Cipher.getInstance() each time. (and yes, the calls to
Cipher's init() and doFinal() methods were in a synchronized block
synched on the instance I had gotten from the pool -- so it's not that
I was improperly interlacing method calls).
 
A

Arne Vajhøj

Rich said:
Is it OK to call Cipher.getInstance() before each decrypt/encrypt
operation, or is it better to reuse an instance (or, in a
multi-threaded environment, have a pool of them)?

This came up because I'm working on something that uses nCipher's JCE
provider and there appear to be resource leaks internal to nCipher's
code. As part of trying to work around that, I wrote some test code
that can switch between calling Cipher.getInstance() before each
encrypt/decrypt operation or reusing a pool of Cipher instances.

(The encrypts/decrypts are all AES using CBC).

To my surprise, even with the vanilla SunJCE provider, reusing Cipher
instances -- even when having several threads using a Cipher instance
pool as small as a single instance -- ran considerably faster than
calling Cipher.getInstance() each time.

It seems indeed as if the getInstance call is a relative
expensive call.

So if your code need to use hundreds of thousands or millions
of Cipher objects, then reusing may be a good idea.

But I suspect creating that many Cipher objects is not that
common a requirement.

Arne
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,902
Latest member
Elena68X5

Latest Threads

Top