Newsgroups: php.internals
Xref: news.php.net php.internals:121228
Subject: Re: [PHP-DEV] RFC: Increasing the default BCrypt cost
From: steve@tobtu.com
To: Craig Francis, Tim Düsterhus
Cc: PHP internals
Date: Wed, 4 Oct 2023 19:18:33 -0500 (CDT)
Message-ID: <115333210.1358228.1696465113826@email.ionos.com>
In-Reply-To: <6D9D6C50-EF11-48B6-AA3E-311A34EE8B41@craigfrancis.co.uk>

> On 09/07/2023 4:37 PM CDT Craig Francis wrote:
>
> We recently discussed hashing and costs at one of our OWASP meetings, we came to the conclusion that the default of 10 for bcrypt probably should be increased, but only to 11 for typical websites. The main concern was about making denial-of-service attacks easier (think of a normal website developer, who won't limit the number of login attempts).

I fought long and hard to get bcrypt down from cost 12 to only cost 10 even though cost 9 was overpowered vs the other settings. At the time cost "8.1" was equivalent to the other settings. After the recent settings increase of the others, cost "8.7" is equivalent. Currently all of the OWASP settings come directly from me except bcrypt.
The only way I was able to get it down to cost 10 was giving equivalent settings to cost 12 for the other algorithms, just to show that those numbers were obviously too high. Note that bcrypt cost 12 is currently as strong as PBKDF2-HMAC-SHA256 with ~6,000,000 iterations, which is an insane number for web auth. Anyway, I don't look forward to arguing with OWASP to keep bcrypt at cost 10, even though it's currently 2.5x stronger than the other accepted settings.
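The work-factor arithmetic behind the figures in the reply above, as an added example that is not part of the thread: it takes the post's anchor (bcrypt cost 12 is as strong as PBKDF2-HMAC-SHA256 with ~6,000,000 iterations) and derives equivalent iteration counts, fractional bcrypt costs and the login-verification throughput that drives the denial-of-service concern. The 600,000-iteration PBKDF2-HMAC-SHA256 setting and the 80 ms cost-10 hash time are assumptions not stated in the post.

```python
import math

# Anchor stated in the post: bcrypt cost 12 ~= PBKDF2-HMAC-SHA256, ~6,000,000 iterations.
ANCHOR_COST = 12
ANCHOR_PBKDF2_ITERS = 6_000_000

# Assumption (not from the post): the current OWASP PBKDF2-HMAC-SHA256 setting.
OWASP_PBKDF2_ITERS = 600_000


def bcrypt_relative_work(cost: float) -> float:
    """bcrypt runs 2**cost rounds of key setup, so work doubles per cost step."""
    return 2.0 ** cost


def pbkdf2_iters_equivalent(cost: float) -> float:
    """PBKDF2-HMAC-SHA256 iterations with the same work as bcrypt at `cost`."""
    return ANCHOR_PBKDF2_ITERS * bcrypt_relative_work(cost - ANCHOR_COST)


def bcrypt_cost_equivalent(pbkdf2_iters: int) -> float:
    """Fractional bcrypt cost matching a PBKDF2 iteration count (how '8.7' arises)."""
    return ANCHOR_COST + math.log2(pbkdf2_iters / ANCHOR_PBKDF2_ITERS)


def strength_ratio(cost: float, pbkdf2_iters: int) -> float:
    """How many times stronger bcrypt at `cost` is than the given PBKDF2 setting."""
    return pbkdf2_iters_equivalent(cost) / pbkdf2_iters


def max_logins_per_second(cost: int, ms_per_hash_at_cost10: float, cores: int) -> float:
    """Upper bound on password verifications per second: the DoS budget at `cost`.

    ms_per_hash_at_cost10 is a measured value for the machine; 80 ms is a
    constructed placeholder, measure it on the real host before relying on it.
    """
    ms_per_hash = ms_per_hash_at_cost10 * bcrypt_relative_work(cost - 10)
    return cores * 1000.0 / ms_per_hash


if __name__ == "__main__":
    for cost in (10, 11, 12):
        print(f"cost {cost}: ~{pbkdf2_iters_equivalent(cost):,.0f} PBKDF2 iterations, "
              f"{strength_ratio(cost, OWASP_PBKDF2_ITERS):.1f}x the OWASP PBKDF2 setting, "
              f"<= {max_logins_per_second(cost, 80.0, 4):.0f} verifications/s on 4 cores")
    print(f"PBKDF2 {OWASP_PBKDF2_ITERS:,} iterations ~= bcrypt cost "
          f"{bcrypt_cost_equivalent(OWASP_PBKDF2_ITERS):.1f}")
```

With these inputs cost 10 comes out 2.5x the PBKDF2 setting and 600,000 iterations maps to cost 8.7, matching the figures in the reply.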