Commit 1c169b78290e09a05e05d87023afcd0249ad1cae
Merge pull request #65 from tjschuck/add_docs_for_global_cost_setting
Add docs for new BCrypt::Engine.cost attributeAman Gupta committed on 5/4/2013, 7:05:37 PM
Parent: f03aebe022974708f1b1e5e63544b1826cbb9960
Parent: 3ec519192ae6ae343d191eee5c1cba97c518ccd8
Files changed
| README.md | changed |
| lib/bcrypt.rb | changed |
| README.md | ||
|---|---|---|
| @@ -168,8 +168,22 @@ | ||
| 168 | 168 | The default cost factor used by bcrypt-ruby is 10, which is fine for session-based authentication. If you are using a |
| 169 | 169 | stateless authentication architecture (e.g., HTTP Basic Auth), you will want to lower the cost factor to reduce your |
| 170 | 170 | server load and keep your request times down. This will lower the security provided you, but there are few alternatives. |
| 171 | 171 | |
| 172 | +To change the default cost factor used by bcrypt-ruby, use `BCrypt::Engine.cost = new_value`: | |
| 173 | + | |
| 174 | + BCrypt::Password.create('secret').cost | |
| 175 | + #=> 10, the default provided by bcrypt-ruby | |
| 176 | + | |
| 177 | + # set a new default cost | |
| 178 | + BCrypt::Engine.cost = 8 | |
| 179 | + BCrypt::Password.create('secret').cost | |
| 180 | + #=> 8 | |
| 181 | + | |
| 182 | +The default cost can be overridden as needed by passing an options hash with a different cost: | |
| 183 | + | |
| 184 | + BCrypt::Password.create('secret', :cost => 6).cost #=> 6 | |
| 185 | + | |
| 172 | 186 | ## More Information |
| 173 | 187 | |
| 174 | 188 | `bcrypt()` is currently used as the default password storage hash in OpenBSD, widely regarded as the most secure operating |
| 175 | 189 | system available. |
| lib/bcrypt.rb | ||
|---|---|---|
| @@ -37,12 +37,27 @@ | ||
| 37 | 37 | end |
| 38 | 38 | |
| 39 | 39 | @cost = nil |
| 40 | 40 | |
| 41 | + # Returns the cost factor that will be used if one is not specified when | |
| 42 | + # creating a password hash. Defaults to DEFAULT_COST if not set. | |
| 41 | 43 | def self.cost |
| 42 | 44 | @cost || DEFAULT_COST |
| 43 | 45 | end |
| 44 | 46 | |
| 47 | + # Set a default cost factor that will be used if one is not specified when | |
| 48 | + # creating a password hash. | |
| 49 | + # | |
| 50 | + # Example: | |
| 51 | + # | |
| 52 | + # BCrypt::Engine::DEFAULT_COST #=> 10 | |
| 53 | + # BCrypt::Password.create('secret').cost #=> 10 | |
| 54 | + # | |
| 55 | + # BCrypt::Engine.cost = 8 | |
| 56 | + # BCrypt::Password.create('secret').cost #=> 8 | |
| 57 | + # | |
| 58 | + # # cost can still be overridden as needed | |
| 59 | + # BCrypt::Password.create('secret', :cost => 6).cost #=> 6 | |
| 45 | 60 | def self.cost=(cost) |
| 46 | 61 | @cost = cost |
| 47 | 62 | end |
| 48 | 63 | |
Built with git-ssb-web