Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:121124
Return-Path: <remi@php.net>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 25846 invoked from network); 22 Sep 2023 06:53:07 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 22 Sep 2023 06:53:07 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 0E44C1804B0
	for <internals@lists.php.net>; Thu, 21 Sep 2023 23:53:06 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,NICE_REPLY_A,
	RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,
	SPF_NEUTRAL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
	version=3.4.2
X-Spam-ASN: AS29169 217.70.176.0/20
X-Spam-Virus: No
X-Envelope-From: <remi@php.net>
Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Thu, 21 Sep 2023 23:53:05 -0700 (PDT)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 9CC2D20002
	for <internals@lists.php.net>; Fri, 22 Sep 2023 06:53:03 +0000 (UTC)
Message-ID: <d3d83b91-4304-46c6-4522-18fbe15fac2a@php.net>
Date: Fri, 22 Sep 2023 08:53:03 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.13.0
Content-Language: en-US
To: internals@lists.php.net
References: <a9b0d24f-fe59-75af-4b1e-dcd8067482b0@bastelstu.be>
In-Reply-To: <a9b0d24f-fe59-75af-4b1e-dcd8067482b0@bastelstu.be>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-GND-Sasl: contact@ll-experts.com
Subject: Re: [PHP-DEV] [VOTE] Increasing the default BCrypt cost
From: remi@php.net (Remi Collet)

Le 21/09/2023 à 19:26, Tim Düsterhus a écrit :
> Hi
> 
> I just opened the vote for the "Increasing the default BCrypt cost" RFC. 
> The RFC contains a two votes, one primary vote that requires a 2/3
> majority to pass and a secondary vote deciding on the new costs with a 
> simple majority. Voting runs 2 weeks until 2023-10-05 17:45 UTC.
> 
> Please find the following resources for your references:

Tested on ARM (Neoverse-N1)

Cost 9: 5.175103 total (0.051751 per hash)
Cost 10: 10.325875 total (0.103259 per hash)
Cost 11: 20.627759 total (0.206278 per hash)
Cost 12: 41.231114 total (0.412311 per hash)
Cost 13: 82.437880 total (0.824379 per hash)
Cost 14: 164.851835 total (1.648518 per hash)


So 11 seems reasonable.

Remi


> RFC Text: https://wiki.php.net/rfc/bcrypt_cost_2023
> Discussion Thread: https://externals.io/message/121004
> Feedback by a Hashcat team member on Fediverse: 
> https://phpc.social/@tychotithonus@infosec.exchange/111025157601179075
> 
> Best regards
> Tim Düsterhus
>