Changed the default cost of bcrypt to 10 #5587

Merged
merged 1 commit into from Dec 5, 2013


3 participants

Owner
ezimuel commented Dec 5, 2013

I changed the default cost of bcrypt to 10 in order to prevent potential DOS attacks due to the high computational time of the previous cost value of 14. The security is not compromised with a value of 10, which is the same default value used by password_hash() of PHP 5.5.
See this article for more info about potential DOS attacks on bcrypt: http://timoh6.github.io/2013/11/26/Aggressive-password-stretching.html
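The trade-off described in the comment above can be measured directly. This is an added example, not part of the original comment or of the Zend Framework code base: it uses PHP's native `password_hash()` family rather than the framework's own bcrypt class, and the password and function names are constructed for illustration.

```php
<?php
// Added example: how bcrypt cost translates into CPU time per login attempt.
// Costs 10 and 14 are the two values discussed in this pull request.

const SAMPLE_PASSWORD = 'constructed-sample-password'; // constructed test value

// Average wall-clock seconds needed to compute one bcrypt hash at $cost.
function secondsPerHash(int $cost, int $rounds = 3): float
{
    $start = microtime(true);
    for ($i = 0; $i < $rounds; $i++) {
        password_hash(SAMPLE_PASSWORD, PASSWORD_BCRYPT, ['cost' => $cost]);
    }
    return (microtime(true) - $start) / $rounds;
}

// The cost is stored inside the hash string, so verification always runs
// at the cost the hash was created with, whatever the current default is.
function costOf(string $hash): int
{
    return password_get_info($hash)['options']['cost'];
}

foreach ([10, 14] as $cost) {
    $secs = secondsPerHash($cost);
    printf(
        "cost %2d: %.3f s per hash, about %.1f login attempts per second per core\n",
        $cost, $secs, 1 / $secs
    );
}
// bcrypt work doubles with each cost step, so cost 14 takes roughly
// 2^(14-10) = 16 times the CPU time of cost 10 for every attempt.

// A hash created under the old default keeps its cost of 14 until rehashed.
$stored = password_hash(SAMPLE_PASSWORD, PASSWORD_BCRYPT, ['cost' => 14]);
printf("stored hash cost: %d\n", costOf($stored));

// After a successful login, move the record to the new default cost.
$target = ['cost' => 10];
if (password_verify(SAMPLE_PASSWORD, $stored)
    && password_needs_rehash($stored, PASSWORD_BCRYPT, $target)) {
    $stored = password_hash(SAMPLE_PASSWORD, PASSWORD_BCRYPT, $target);
}
printf("cost after rehash on login: %d\n", costOf($stored));
```

Because every login attempt, valid or not, pays the full hashing time, the attempts-per-second figure is the number to compare against expected request volume and any rate limiting in front of the login endpoint.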

Member

👍

@weierophinney weierophinney added a commit that referenced this pull request Dec 5, 2013
@weierophinney weierophinney [#5587] Add note to README.md
- Added note to the README to ensure that developers are aware of the change.
54890fe
@weierophinney weierophinney added a commit that referenced this pull request Dec 5, 2013
@weierophinney weierophinney Merge branch 'feature/5587' into develop
Close #5587
d72ec6c
@weierophinney weierophinney merged commit 666619c into zendframework:develop Dec 5, 2013

1 check failed

default The Travis CI build failed
@weierophinney weierophinney was assigned Dec 5, 2013
@weierophinney weierophinney added a commit to zendframework/zend-crypt that referenced this pull request May 15, 2015
@weierophinney weierophinney Merge pull request zendframework/zendframework#5587 from ezimuel/fix/…
…bcrypt-cost-10

Changed the default cost of bcrypt to 10
1c235ba
@weierophinney weierophinney added a commit to zendframework/zend-crypt that referenced this pull request May 15, 2015
@weierophinney weierophinney Merge branch 'feature/5587' into develop 329b97a