From e191e6763270c839cf8629c81be293ff79f664c2 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Thu, 21 Jan 2021 01:42:28 -0500
Subject: [PATCH] reduce recommended bcrypt cost to the lowest allowed value

Two objectives:
1. Reduce thundering-herd effects on server restart (a cost of 4 should be approximately 1 millisecond of CPU time per reconnecting client)
2. Speed up mobile reattach as much as possible (see also #1420)
---
 default.yaml | 3 ++-
 traditional.yaml | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/default.yaml b/default.yaml
index 40d7cfce..b88a388d 100644
--- a/default.yaml
+++ b/default.yaml
@@ -372,7 +372,8 @@ accounts:
 max-attempts: 30

 # this is the bcrypt cost we'll use for account passwords
- bcrypt-cost: 9
+ # (note that 4 is the lowest value allowed by the bcrypt library)
+ bcrypt-cost: 4

 # length of time a user has to verify their account before it can be re-registered
 verify-timeout: "32h"
diff --git a/traditional.yaml b/traditional.yaml
index 6e7c2ec3..d3a8ef55 100644
--- a/traditional.yaml
+++ b/traditional.yaml
@@ -344,7 +344,8 @@ accounts:
 max-attempts: 30

 # this is the bcrypt cost we'll use for account passwords
- bcrypt-cost: 9
+ # (note that 4 is the lowest value allowed by the bcrypt library)
+ bcrypt-cost: 4

 # length of time a user has to verify their account before it can be re-registered
 verify-timeout: "32h"
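Review bot: The comment added above `bcrypt-cost: 4` in default.yaml records that 4 is the library minimum but not what the setting trades away: each step down in cost halves the work per password guess, so moving from 9 to 4 makes offline guessing against a leaked account database roughly 32 times cheaper. Because this is the shipped default that operators will copy, I would add a line such as `# lower values speed up logins but make stored hashes cheaper to crack if the datastore leaks; raise this if you need stronger protection` next to it. The same applies to the identical hunk in traditional.yaml. Whether hashes already stored at the old cost are re-hashed or left as they are is not visible in this patch, so the comment could also say which accounts the new value affects.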