Newsgroups: php.internals
Date: Thu, 7 Sep 2023 22:37:39 +0100
From: craig@craigfrancis.co.uk (Craig Francis)
To: Tim Düsterhus
Cc: PHP internals
Subject: Re: [PHP-DEV] RFC: Increasing the default BCrypt cost
Message-ID: <6D9D6C50-EF11-48B6-AA3E-311A34EE8B41@craigfrancis.co.uk>

On 7 Sep 2023, at 18:26, Tim Düsterhus wrote:

> in response to the recent "PASSWORD_DEFAULT value" thread [1], I've created an RFC to discuss an increase of the default BCrypt costs for `password_hash()` from the current value of 10.
> 
> https://wiki.php.net/rfc/bcrypt_cost_2023

Thanks Tim,

Just quickly running this on two AWS EC2 servers, to give rough figures for a VM (note the usual issues like noisy neighbours, turbo-boost, thermal throttling, etc.).

t2.nano

Cost 8:    2.083060 total (0.020831 per hash)
Cost 9:    4.115596 total (0.041156 per hash)
Cost 10:   8.238419 total (0.082384 per hash)
Cost 11:  16.334089 total (0.163341 per hash)
Cost 12:  32.693785 total (0.326938 per hash)
Cost 13:  65.587982 total (0.655880 per hash)
Cost 14: 131.358058 total (1.313581 per hash)

t2.small

Cost 8:    2.062625 total (0.020626 per hash)
Cost 9:    4.142067 total (0.041421 per hash)
Cost 10:   8.231646 total (0.082316 per hash)
Cost 11:  16.851889 total (0.168519 per hash)
Cost 12:  32.814440 total (0.328144 per hash)
Cost 13:  69.409889 total (0.694099 per hash)
Cost 14: 133.682196 total (1.336822 per hash)

Both nano and small only have 1 vCPU, have 0.5 vs 1 GiB RAM, and a different number of CPU Credits/hr.

We recently discussed hashing and costs at one of our OWASP meetings, and we came to the conclusion that the default of 10 for bcrypt probably should be increased, but only to 11 for typical websites. The main concern was about making denial-of-service attacks easier (think of a normal website developer, who won't limit the number of login attempts).

It's also worth keeping in mind the difference between online vs offline attacks, what it's being used for, human behaviour when it comes to choosing bad passwords ("123456" and "Password1!" will still be guessed very quickly), etc.

Craig
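An added example, not part of Craig's message or the RFC: a PHP script that reproduces the per-cost timing runs above (100 hashes per cost, which matches the totals quoted), picks the highest cost whose per-hash time stays under an assumed 250 ms budget, and shows `password_needs_rehash()` upgrading an older cost-10 hash on login. The budget, the iteration count and the sample password are assumptions.

```php
<?php
// Added example (not from the thread): reproduce the per-cost timing table and
// pick the highest BCrypt cost that fits a per-hash latency budget.
// Assumptions: PHP >= 7.3 CLI (hrtime); 100 hashes per cost, matching the
// quoted figures (e.g. 8.238419 total / 0.082384 per hash at cost 10).
declare(strict_types=1);

const ITERATIONS = 100;          // hashes timed per cost level (assumed)
const BUDGET_SECONDS = 0.25;     // per-hash time the login path tolerates (assumed)
const SAMPLE_PASSWORD = 'correct horse battery staple'; // constructed test input

/** Time ITERATIONS calls to password_hash() at $cost; returns [total, per-hash] in seconds. */
function benchmark_cost(int $cost, int $iterations = ITERATIONS): array
{
    $start = hrtime(true);
    for ($i = 0; $i < $iterations; $i++) {
        password_hash(SAMPLE_PASSWORD, PASSWORD_BCRYPT, ['cost' => $cost]);
    }
    $total = (hrtime(true) - $start) / 1e9;
    return [$total, $total / $iterations];
}

/** Highest cost whose per-hash time is within $budget; falls back to the lowest measured cost. */
function choose_cost(array $timings, float $budget): int
{
    $chosen = min(array_keys($timings));
    foreach ($timings as $cost => [$total, $perHash]) {
        if ($perHash <= $budget) {
            $chosen = max($chosen, $cost);
        }
    }
    return $chosen;
}

$timings = [];
foreach (range(8, 14) as $cost) {
    [$total, $perHash] = benchmark_cost($cost);
    $timings[$cost] = [$total, $perHash];
    printf("Cost %d: %f total (%f per hash)\n", $cost, $total, $perHash);
}
$cost = choose_cost($timings, BUDGET_SECONDS);
printf("Highest cost within %.2fs per hash: %d\n", BUDGET_SECONDS, $cost);

// On a successful login, transparently upgrade a hash stored with a lower cost.
$stored = password_hash(SAMPLE_PASSWORD, PASSWORD_BCRYPT, ['cost' => 10]); // simulated old row
if (password_verify(SAMPLE_PASSWORD, $stored)
    && password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $cost])) {
    $stored = password_hash(SAMPLE_PASSWORD, PASSWORD_BCRYPT, ['cost' => $cost]);
    // write $stored back to the user record here
}
```

At cost 14 the loop alone takes over two minutes on the instances measured above, so run it on the hardware that will actually serve logins, not on a developer laptop.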