Should Cipher instances be pooled?

Discussion in 'Java' started by Rich Carreiro, Jul 30, 2009.

  1. Is it OK to call Cipher.getInstance() before each decrypt/encrypt
    operation, or is it better to reuse an instance (or, in a
    multi-threaded environment, have a pool of them)?

    This came up because I'm working on something that uses nCipher's JCE
    provider and there appear to be resource leaks internal to nCipher's
    code. As part of trying to work around that, I wrote some test code
    that can switch between calling Cipher.getInstance() before each
    encrypt/decrypt operation or reusing a pool of Cipher instances.

    (The encrypts/decrypts are all AES using CBC).

    To my surprise, even with the vanilla SunJCE provider, reusing Cipher
    instances -- even when having several threads using a Cipher instance
    pool as small as a single instance -- ran considerably faster than
    calling Cipher.getInstance() each time. (and yes, the calls to
    Cipher's init() and doFinal() methods were in a synchronized block
    synched on the instance I had gotten from the pool -- so it's not that
    I was improperly interlacing method calls).

    --
    Rich Carreiro
     
    Rich Carreiro, Jul 30, 2009
    #1
    1. Advertising

  2. Rich Carreiro

    Arne Vajhøj Guest

    Rich Carreiro wrote:
    > Is it OK to call Cipher.getInstance() before each decrypt/encrypt
    > operation, or is it better to reuse an instance (or, in a
    > multi-threaded environment, have a pool of them)?
    >
    > This came up because I'm working on something that uses nCipher's JCE
    > provider and there appear to be resource leaks internal to nCipher's
    > code. As part of trying to work around that, I wrote some test code
    > that can switch between calling Cipher.getInstance() before each
    > encrypt/decrypt operation or reusing a pool of Cipher instances.
    >
    > (The encrypts/decrypts are all AES using CBC).
    >
    > To my surprise, even with the vanilla SunJCE provider, reusing Cipher
    > instances -- even when having several threads using a Cipher instance
    > pool as small as a single instance -- ran considerably faster than
    > calling Cipher.getInstance() each time.


    It seems indeed as if the getInstance call is a relative
    expensive call.

    So if your code need to use hundreds of thousands or millions
    of Cipher objects, then reusing may be a good idea.

    But I suspect creating that many Cipher objects is not that
    common a requirement.

    Arne
     
    Arne Vajhøj, Jul 31, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dag Sunde
    Replies:
    0
    Views:
    875
    Dag Sunde
    Dec 3, 2003
  2. dotNET Developer

    all pooled connections were in use

    dotNET Developer, Feb 24, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    8,847
    William \(Bill\) Vaughn
    Feb 24, 2004
  3. Bob
    Replies:
    2
    Views:
    587
    Angel Saenz-Badillos[MS]
    Feb 1, 2005
  4. David McDivitt

    pooled connection myth

    David McDivitt, Mar 16, 2005, in forum: Java
    Replies:
    42
    Views:
    1,479
    Lee Fesperman
    Mar 18, 2005
  5. Replies:
    1
    Views:
    306
    Raymond DeCampo
    Jul 24, 2005
Loading...

Share This Page