rfc:bcrypt_cost_2023

rfc:bcrypt_cost_2023 [2023/09/07 16:12] timwolla
rfc:bcrypt_cost_2023 [2023/10/06 14:34] (current) – Implemented timwolla
Line 3: Line 3:
   * Date: 2023-09-07   * Date: 2023-09-07
   * Author: Tim Düsterhus, timwolla@php.net   * Author: Tim Düsterhus, timwolla@php.net
-  * Status: Draft+  * Status: Implemented 
 +  * Target Version: PHP 8.4 
 +  * Implementation: https://github.com/php/php-src/commit/42a85fc5d95c0c5e867cafcca8ebfca9d90e6c88
   * First Published at: https://wiki.php.net/rfc/bcrypt_cost_2023   * First Published at: https://wiki.php.net/rfc/bcrypt_cost_2023
  
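Review bot: the Date field in this hunk still reads 2023-09-07 although the Status line changes to Implemented and a Target Version and Implementation commit are added in the same hunk; consider recording the implementation (or vote closing) date alongside it so the header reflects the RFC's final state.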
Line 16: Line 18:
  
 Any increase of the cost by ''1'' will double the time it takes to calculate a single BCrypt hash. Any increase of the cost by ''1'' will double the time it takes to calculate a single BCrypt hash.
 +
 +==== Choice of the cost factor ====
 +
 +The cost should be selected to be as large as possible without degrading the user experience and without introducing disproportional hardware requirements. [[https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#work-factors|OWASP]] recommends “less than a second” as a rule of thumb.
  
 ==== Processing time for several different CPUs ==== ==== Processing time for several different CPUs ====
  
-These times were measured using PHP 8.2 with this script and were selected to represent a reasonable range of CPUs that might still be in use today. All tests were carried out using wall-power.+These times were measured using PHP 8.2 with this script and were selected to represent a reasonable range of CPUs that might still be in use today. All tests were carried out using wall-power (i.e. the Laptops were plugged in and not running from battery).
  
 <PHP> <PHP>
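Review bot: the new "Choice of the cost factor" paragraph gives the OWASP rule of thumb ("less than a second") but does not state the target this RFC actually adopts, while the Proposal later argues with 0.5 seconds and 200ms bounds; stating the RFC's own target here would tie the measurements to the recommendation. The clarification that the laptops were plugged in is useful; a half-sentence on what "this script" measures (one hash per cost, or an average over several runs) would make the timing table below reproducible.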
Line 107: Line 113:
 ===== Proposal ===== ===== Proposal =====
  
-The default BCrypt cost shall be increased from ''10'' to either ''11'' or ''12'' (depending on the secondary vote). +The default BCrypt cost shall be increased from ''10'' to either ''11'' (doubling the time) or ''12'' (quadrupling the time), depending on the secondary vote
 + 
 +A cost of ''12'' is well below 0.5 seconds on all tested CPUs (with the slowest CPU being at 330ms) and should feel sufficiently snappy for an interactive login in a website even when needing to rehash a cost ''10'' hash during login. 
 + 
 +The more conservative increase to ''11'' stays below 200ms for all tested CPUs and still provides reasonable response times when a handful of hashes need to be calculated within a single request (e.g. when generating and hashing multiple recovery codes for multi-factor authentication).
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
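Review bot: the rewritten first sentence of the Proposal loses its terminating period after "depending on the secondary vote". The bound given for cost ''11'' ("below 200ms") also differs from the one used in the vote option ("less than 160ms per hash"); using the same figure in both places avoids the question of which is the measured value. The rehash argument would be stronger if spelled out: a login that rehashes pays for one cost ''10'' verification plus one cost ''12'' hash, which by the doubling rule above is roughly 330ms + 83ms on the slowest tested CPU, still below the 0.5 seconds claimed.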
Line 159: Line 169:
 2/3 majority to increase the default costs: 2/3 majority to increase the default costs:
  
-<doodle title="Increase the default BCrypt cost?" auth="timwolla" voteType="single" closed="false" closeon="2022-01-01T00:00:00Z">+<doodle title="Increase the default BCrypt cost?" auth="timwolla" voteType="single" closed="true" closeon="2023-10-05T17:45:00Z">
    * Yes    * Yes
    * No    * No
Line 166: Line 176:
 Simple majority to decide the new costs: Simple majority to decide the new costs:
  
-<doodle title="Increase the default BCrypt cost to?" auth="timwolla" voteType="single" closed="false" closeon="2022-01-01T00:00:00Z"> +<doodle title="Increase the default BCrypt cost to?" auth="timwolla" voteType="single" closed="true" closeon="2023-10-05T17:45:00Z"> 
-   * 11 +   * 11 (less than 160ms per hash) 
-   * 12+   * 12 (less than 330ms per hash)
 </doodle> </doodle>
  
 ===== Patches and Tests ===== ===== Patches and Tests =====
  
-tbd+https://github.com/php/php-src/pull/12367
  
 ===== Implementation ===== ===== Implementation =====
  
-tbd+https://github.com/php/php-src/commit/42a85fc5d95c0c5e867cafcca8ebfca9d90e6c88
  
 ===== References ===== ===== References =====
  
   * https://externals.io/message/120993   * https://externals.io/message/120993
 +  * https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
 +  * https://phpc.social/@tychotithonus@infosec.exchange/111025157601179075
  
 ===== Rejected Features ===== ===== Rejected Features =====
  
 None. None.
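Review bot: both votes are now marked closed and the status is Implemented, but the outcome of the secondary vote (''11'' or ''12'') is not recorded anywhere in the text; the Proposal still reads "either 11 or 12" and the Implementation section gives only the commit link. Consider stating the adopted cost next to the implementation commit so readers do not have to follow the link to learn the result.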
rfc/bcrypt_cost_2023.1694103137.txt.gz · Last modified: 2023/09/07 16:12 by timwolla