nathaniel bibler

Random thoughts, links, and code by Nathaniel Bibler

OpenSSL::HMAC vs ruby-hmac Benchmarks

So, I’m writing a gem which requires an HMAC calculation. I came across the ruby-hmac gem, I assume to be maintained by Geoffrey Grosenbach, and was curious to investigate the performance differences between OpenSSL::HMAC and the ruby-hmac gem. I imagine one day, one other person, sometime between now and eternity, somewhere in the universe, maybe … might be interested in the results.

This test was conducted on a Macbook Pro, 2.4GHz Core 2 Duo, 4GB 667MHz DDR2 SDRAM. Ruby version 1.8.6, patchlevel 114, gem version 1.3.1. Obviously, these are ideal circumstances for any testing. ;)


#!/usr/bin/env ruby

require 'benchmark'
require 'rubygems'
require 'hmac/sha1'
require 'openssl'

REPEAT  = 10_000
KEY     = 'secretkey'
DATA    = 'Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.'

DIGEST  ='sha1')

Benchmark.bmbm do |results|'ruby-hmac') do
    REPEAT.times do
      HMAC::SHA1.digest(KEY, DATA)
  end'openssl/hmac') do
    REPEAT.times do
      OpenSSL::HMAC.digest(DIGEST, KEY, DATA)


Rehearsal ------------------------------------------------
ruby-hmac      1.390000   0.000000   1.390000 (  1.401636)
openssl/hmac   0.070000   0.000000   0.070000 (  0.072019)
--------------------------------------- total: 1.460000sec

                   user     system      total        real
ruby-hmac      1.390000   0.010000   1.400000 (  1.405108)
openssl/hmac   0.070000   0.000000   0.070000 (  0.073583)

So, across 10,000 passes, OpenSSL’s HMAC implementation appears to be roughly 20 times faster than the ruby-hmac gem for SHA1 hashing.

An interesting corollary to this benchmark would be to compare memory footprint once each library is included into an application. But, that’s a task for the reader.