Auth: Reduce bcrypt cost for faster login on small devices

**As a user of a small device like a NAS or a Raspberry Pi, I would like the cost of the bcrypt password to be lower so that logging in does not take a very long time (or even timeout).**

The default password cost (2^number of rounds) of most implementations is 11 and the current cost in PhotoPrism is 14, so we reduce it to 12[^1], which is still more secure than what most other applications use:

| Cost  | Iterations               |
|-------|--------------------------|
|   8   |    256 iterations        |
|   9   |    512 iterations        |
|  10   |  1,024 iterations        |
|  11   |  2,048 iterations        |
|  12   |  4,096 iterations        |
|  13   |  8,192 iterations        |
|  14   | 16,384 iterations        |
|  15   | 32,768 iterations        |
|  16   | 65,536 iterations        |

[^1]: Developers can change this value in `internal/entity/password.go` to use a higher/lower cost in custom builds, depending on their needs.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Auth: Reduce bcrypt cost for faster login on small devices #3718

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Cost	Iterations
8	256 iterations
9	512 iterations
10	1,024 iterations
11	2,048 iterations
12	4,096 iterations
13	8,192 iterations
14	16,384 iterations
15	32,768 iterations
16	65,536 iterations

Uh oh!

Auth: Reduce bcrypt cost for faster login on small devices #3718

Description

Footnotes

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions