Is 12 rounds overkill?
pnegahdar opened this issue
The default bcrypt settings is to run 12 rounds. I tested it out for time complexity and on a core i7:
```
In [8]: %timeit b.generate_password_hash('yo', 6)
100 loops, best of 3: 4.09 ms per loop
In [9]: %timeit b.generate_password_hash('yo', 7)
100 loops, best of 3: 8.12 ms per loop
In [10]: %timeit b.generate_password_hash('yo', 9)
10 loops, best of 3: 32.3 ms per loop
In [11]: %timeit b.generate_password_hash('yo', 10)
10 loops, best of 3: 64.5 ms per loop
In [12]: %timeit b.generate_password_hash('yo', 12)
1 loops, best of 3: 258 ms per loop
In [13]: %timeit b.generate_password_hash('yo', 12)
1 loops, best of 3: 258 ms per loop
In [14]: %timeit b.generate_password_hash('yo', 10)
10 loops, best of 3: 64.5 ms per loop
In [15]: %timeit b.generate_password_hash('yo', 8)
100 loops, best of 3: 16.2 ms per loop
```
I think the target should be about 8ms of complexity (see: http://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pkbdf2-sha256/3993#3993) and most users of this package probably don't know they're doing about 256ms by default which pretty much limits a process to 4 password ops per second.
Just a thought :)
Yeah I mean, it is configurable. I feel like erring on the side of caution is probably correct, but that doesn't mean the default couldn't safely be lowered.
Your choice, just wanted to make sure you're aware. I'd say 8ms is definitely on the side of caution (it's really only protection against rainbow tables, for which 8ms is very high); 256ms becomes a bottleneck for your process (I've set mine to 7 rounds). For reference, here's my time on md5:
```
In [24]: %timeit md5('yo')
1000000 loops, best of 3: 727 ns per loop
```
I definitely do not consider this overkill at this point. YMMV and you can of course configure according to your needs.
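The numbers in this thread illustrate the property behind the discussion: bcrypt's work factor is a power-of-two exponent, so each extra round doubles the hash time, and the round count that fits a given time budget depends on the hardware doing the hashing. The script below is an added example, not code from this issue or from the Flask-Bcrypt project. It models cost from the poster's Core i7 timings (taken as a reference point, not measured here), converts a cost to login throughput, and, when the third-party `bcrypt` package is installed, calibrates the cost empirically on the current machine against a caller-supplied millisecond budget. The budget value itself is the deployer's policy choice; the function names, the reference constants and the `timer` injection hook are this example's own.

```python
import time

try:
    import bcrypt  # third-party package; only needed for the empirical calibration path
except ImportError:  # pragma: no cover
    bcrypt = None

# Reference point taken from the timings pasted in the issue (Core i7, cost 6).
# These are the poster's figures, used only to seed the model below.
REFERENCE_ROUNDS = 6
REFERENCE_MS = 4.09


def predicted_ms(rounds, ref_rounds=REFERENCE_ROUNDS, ref_ms=REFERENCE_MS):
    """bcrypt runs 2**rounds key-expansion iterations, so time doubles per round."""
    return ref_ms * 2 ** (rounds - ref_rounds)


def ops_per_second(ms_per_hash):
    """How many password hashes (logins) one core can verify per second at this cost."""
    return 1000.0 / ms_per_hash


def choose_rounds(target_ms, ref_rounds=REFERENCE_ROUNDS, ref_ms=REFERENCE_MS,
                  lo=4, hi=31):
    """Largest round count whose predicted hash time stays within target_ms.

    bcrypt accepts cost 4..31; if even the lowest cost exceeds the budget, lo is
    returned so the caller never drops below the library's minimum.
    """
    best = lo
    for r in range(lo, hi + 1):
        if predicted_ms(r, ref_rounds, ref_ms) <= target_ms:
            best = r
        else:
            break
    return best


def measure_ms(rounds, password=b"correct horse battery staple", reps=3):
    """Wall-clock time of one bcrypt hash at the given cost on this machine (best of reps)."""
    if bcrypt is None:
        raise RuntimeError("the bcrypt package is not installed")
    best = float("inf")
    for _ in range(reps):
        salt = bcrypt.gensalt(rounds=rounds)
        start = time.perf_counter()
        bcrypt.hashpw(password, salt)
        best = min(best, (time.perf_counter() - start) * 1000.0)
    return best


def calibrate(target_ms, timer=measure_ms, start=4, max_rounds=31):
    """Raise the cost one round at a time until a single hash exceeds target_ms.

    Returns (rounds, measured_ms) for the highest cost that still fits the budget.
    `timer` is injectable so the search can be driven by the model (or a test)
    instead of real hashing.
    """
    chosen, chosen_ms = start, timer(start)
    for r in range(start + 1, max_rounds + 1):
        ms = timer(r)
        if ms > target_ms:
            break
        chosen, chosen_ms = r, ms
    return chosen, chosen_ms


if __name__ == "__main__":
    print("rounds  predicted_ms  hashes/sec (one core, modelled on the issue's timings)")
    for r in range(6, 14):
        ms = predicted_ms(r)
        print(f"{r:>6}  {ms:>12.1f}  {ops_per_second(ms):>10.1f}")
    print("model: largest cost within 8.5 ms ->", choose_rounds(8.5))
    if bcrypt is not None:
        rounds, ms = calibrate(100.0)
        print(f"this machine: cost {rounds} takes {ms:.1f} ms (budget 100 ms)")
```

Run it directly to see the modelled table and, if `bcrypt` is importable, an empirical calibration against a 100 ms budget; re-run the calibration on the actual authentication hosts rather than a laptop, since the cost that fits the budget moves with the hardware.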