From cc07d8e0704551d36cea13d218d1b44799e0fa39 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi
Date: Wed, 18 Oct 2023 15:22:32 +0330
Subject: [PATCH 1/2] update defaulte value `$hashCost` to 12
---
 src/Config/Auth.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Config/Auth.php b/src/Config/Auth.php
index e7ad04189..6a1bd8d6b 100644
--- a/src/Config/Auth.php
+++ b/src/Config/Auth.php
@@ -354,14 +354,14 @@ class Auth extends BaseConfig
 * --------------------------------------------------------------------
 * The BCRYPT method of hashing allows you to define the "cost"
 * or number of iterations made, whenever a password hash is created.
- * This defaults to a value of 10 which is an acceptable number.
+ * This defaults to a value of 12 which is an acceptable number.
 * However, depending on the security needs of your application
 * and the power of your hardware, you might want to increase the
 * cost. This makes the hashing process takes longer.
 *
 * Valid range is between 4 - 31.
 */
- public int $hashCost = 10;
+ public int $hashCost = 12;
 
 /**
 * If you need to support passwords saved in versions prior to Shield v1.0.0-beta.4.
From 05826bcecbe051a23254e4d4051cbaf17c507c24 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi
Date: Wed, 18 Oct 2023 15:40:21 +0330
Subject: [PATCH 2/2] tests: set hashCost=13 for fix test
---
 tests/Unit/PasswordsTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/Unit/PasswordsTest.php b/tests/Unit/PasswordsTest.php
index 7398fc533..fc892013b 100644
--- a/tests/Unit/PasswordsTest.php
+++ b/tests/Unit/PasswordsTest.php
@@ -52,7 +52,7 @@ public function testHash(): string
 public function testNeedsRehashTakesCareOptions(string $hashedPassword): void
 {
 $config = new AuthConfig();
- $config->hashCost = 12;
+ $config->hashCost = 13;
 $passwords = new Passwords($config);
 
 $result = $passwords->needsRehash($hashedPassword);
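Review bot: The docblock above `$hashCost` still calls the cost a "number of iterations" and says nothing about what the new default means for hashes already stored at cost 10. The cost is a base-2 exponent, so I would add `* The cost is logarithmic: each increment doubles the work, so 12 costs about four times as much as 10.` and a line saying that existing hashes keep verifying and are only upgraded where the login path calls `needsRehash()` and re-stores the hash; whether it does is not visible in this hunk. Applications that carry their own copy of this config with `$hashCost = 10` would presumably keep the old value, which is worth a line in the upgrade notes. The `Auth` class starts and ends outside the hunk.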
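Review bot: The literal `13` passes only because it is one above the new default, which is how the previous `12` broke when the default moved in patch 1/2. Deriving the value keeps the test independent of future default changes: `$config->hashCost++;` in place of `$config->hashCost = 13;`, assuming the hash handed in from `testHash()` was created with the default cost (that body is outside the hunk). A short comment such as `// one above the cost used to create $hashedPassword, so needsRehash() must report true` would record the intent. The test method continues past the end of the hunk, so the assertion itself is not visible here.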