effect of bcrypt hash $cost on HTTP Basic authentication's login performance?
pgnet.dev at gmail.com
Sat Jun 29 16:48:01 UTC 2019
When generating hashed data for "HTTP Basic" login auth protection, using bcrypt as the hash algorithm, one can vary the resultant hash strength by varying specify bcrypt's $cost, e.g.
php -r "echo password_hash('$my_pass', PASSWORD_BCRYPT, ['cost' => $cost]) . PHP_EOL;"
Of course, increased $cost requires increased encryption time.
E.g., on my desktop, the hash encryption times vary with cost as,
For site login usage, does *client* login time vary at all with the hash $cost?
Other than the initial, one-time hash generation, is there any login-performance reason NOT to use the highest hash $cost?
More information about the nginx-devel