Optimal bcrypt work factor

What would be an ideal bcrypt work factor for password hashing?

If I use a factor of 10, it takes approx .1s to hash a password on my laptop. If we end up with a very busy site, that turns into a good deal of work just checking people's passwords.

Perhaps it would be better to use a work factor of 7, reducing the total password hash work to about .01s per laptop-login?

How do you decide the tradeoff between brute force safety and operational cost?

78
asked by Chris on 14 December 2010 at 19:46
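An added example, not part of the original question: a small capacity model for the tradeoff asked about, using the fact that bcrypt performs 2^cost key-setup rounds, so each cost step doubles the hashing time. The function names, the peak login rate, the core count and the utilisation and latency budgets are assumptions; `hash_once` stands for whatever bcrypt call your own library provides.

```python
import statistics
import time

MIN_COST, MAX_COST = 4, 31  # cost range bcrypt accepts


def measure_seconds(hash_once, runs=5):
    """Median wall time of hash_once(), a caller-supplied zero-argument
    callable that performs one bcrypt hash on the production hardware."""
    samples = []
    for _ in range(runs):
        start = time.perf_counter()
        hash_once()
        samples.append(time.perf_counter() - start)
    return statistics.median(samples)


def estimate_seconds(measured_cost, measured_seconds, cost):
    """bcrypt runs 2**cost key-setup rounds, so each +1 doubles the time."""
    return measured_seconds * 2.0 ** (cost - measured_cost)


def pick_cost(measured_cost, measured_seconds, peak_logins_per_sec,
              cores, max_utilisation=0.5, max_latency=0.5):
    """Highest cost whose login latency and peak CPU load fit the budget.
    Returns (cost, seconds_per_hash, cores_busy_at_peak), or None."""
    best = None
    for cost in range(MIN_COST, MAX_COST + 1):
        seconds = estimate_seconds(measured_cost, measured_seconds, cost)
        cores_busy = peak_logins_per_sec * seconds
        if seconds <= max_latency and cores_busy <= cores * max_utilisation:
            best = (cost, seconds, cores_busy)
    return best


if __name__ == "__main__":
    # Constructed inputs: the question's 0.1 s at cost 10, plus an assumed
    # peak of 15 logins/s on an assumed 8-core server.
    for cost in (7, 10, 12):
        s = estimate_seconds(10, 0.1, cost)
        # Guess rate is for one core of this same hardware, not an attacker's rig.
        print(f"cost {cost}: {s:.4f} s/hash, {1 / s:.0f} guesses/s per core")
    print(pick_cost(10, 0.1, peak_logins_per_sec=15, cores=8))
```

Feed `pick_cost` a timing taken with `measure_seconds` on the server that will verify logins, since a laptop figure does not transfer.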