Auth: Reduce bcrypt cost for faster login on small devices #3718
Labels
enhancement
Optimization, improvement or maintenance task
performance
Performance Optimization
released
Available in the stable release
security
Impact on server or browser security
tested
Changes have been tested successfully
As a user of a small device like a NAS or a Raspberry Pi, I would like the cost of the bcrypt password to be lower so that logging in does not take a very long time (or even timeout).
The default password cost (2^number of rounds) of most implementations is 11 and the current cost in PhotoPrism is 14, so we reduce it to 121, which is still more secure than what most other applications use:
Footnotes
Developers can change this value in
internal/entity/password.go
to use a higher/lower cost in custom builds, depending on their needs. ↩The text was updated successfully, but these errors were encountered: