Skip to content
This repository has been archived by the owner on Dec 21, 2019. It is now read-only.

Increase bcrypt cost #18

Closed
0xdabbad00 opened this issue Apr 7, 2015 · 4 comments · Fixed by #19
Closed

Increase bcrypt cost #18

0xdabbad00 opened this issue Apr 7, 2015 · 4 comments · Fixed by #19

Comments

@0xdabbad00
Copy link

You use a bcrypt cost of 8 (https://github.com/apexskier/httpauth/blob/master/auth.go#L177). Go's default bcrypt cost is 10 (https://github.com/golang/crypto/blob/master/bcrypt/bcrypt.go#L23). Not really an important issue. You may want to make this configurable.
@apexskier
Copy link
Owner

Thanks for the update. I'm still going to hard code for now, because I don't know how I'd implement the configuration off the top of my head. Pull requests are welcome, of course.

apexskier added a commit that referenced this issue Apr 7, 2015
@apexskier
Increased default bcrypt cost
49b24b3 
Resolves #18
@apexskier apexskier mentioned this issue Apr 7, 2015
Merged
@0xdabbad00
Copy link
Author

May be relevant to point out that this is a breaking change with previous code, because if someone upgraded your library to this update, they would need to re-generate hashes.

@apexskier
Copy link
Owner

Thanks!

@0xdabbad00
Copy link
Author

Looks like a couple more spots need to be updated.

apexskier added a commit that referenced this issue Apr 22, 2015
@apexskier
Increased bcrypt cost in a couple places I forgot
3bb80b2 
#18 (comment)
Issue #18
@apexskier apexskier mentioned this issue Apr 22, 2015
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Increased default bcrypt cost apexskier/httpauth
2 participants
@apexskier @0xdabbad00