Merge pull request #11487 from savonarola/0821-optimize-bcrypt
feat: reduce bcrypt rounds to a usable value
commit
240afecd69
|
@ -63,6 +63,9 @@
|
||||||
check_password/4
|
check_password/4
|
||||||
]).
|
]).
|
||||||
|
|
||||||
|
-define(SALT_ROUNDS_MIN, 5).
|
||||||
|
-define(SALT_ROUNDS_MAX, 10).
|
||||||
|
|
||||||
namespace() -> "authn-hash".
|
namespace() -> "authn-hash".
|
||||||
roots() -> [pbkdf2, bcrypt, bcrypt_rw, simple].
|
roots() -> [pbkdf2, bcrypt, bcrypt_rw, simple].
|
||||||
|
|
||||||
|
@ -71,11 +74,12 @@ fields(bcrypt_rw) ->
|
||||||
[
|
[
|
||||||
{salt_rounds,
|
{salt_rounds,
|
||||||
sc(
|
sc(
|
||||||
integer(),
|
range(?SALT_ROUNDS_MIN, ?SALT_ROUNDS_MAX),
|
||||||
#{
|
#{
|
||||||
default => 10,
|
default => ?SALT_ROUNDS_MAX,
|
||||||
example => 10,
|
example => ?SALT_ROUNDS_MAX,
|
||||||
desc => "Salt rounds for BCRYPT password generation."
|
desc => "Work factor for BCRYPT password generation.",
|
||||||
|
converter => fun salt_rounds_converter/2
|
||||||
}
|
}
|
||||||
)}
|
)}
|
||||||
];
|
];
|
||||||
|
@ -106,6 +110,13 @@ fields(simple) ->
|
||||||
{salt_position, fun salt_position/1}
|
{salt_position, fun salt_position/1}
|
||||||
].
|
].
|
||||||
|
|
||||||
|
salt_rounds_converter(undefined, _) ->
|
||||||
|
undefined;
|
||||||
|
salt_rounds_converter(I, _) when is_integer(I) ->
|
||||||
|
emqx_utils:clamp(I, ?SALT_ROUNDS_MIN, ?SALT_ROUNDS_MAX);
|
||||||
|
salt_rounds_converter(X, _) ->
|
||||||
|
X.
|
||||||
|
|
||||||
desc(bcrypt_rw) ->
|
desc(bcrypt_rw) ->
|
||||||
"Settings for bcrypt password hashing algorithm (for DB backends with write capability).";
|
"Settings for bcrypt password hashing algorithm (for DB backends with write capability).";
|
||||||
desc(bcrypt) ->
|
desc(bcrypt) ->
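Review bot: `salt_rounds_converter/2` silently clamps any integer into 5..10, and it appears to run before the `range(?SALT_ROUNDS_MIN, ?SALT_ROUNDS_MAX)` check, so an existing configuration that asks for a work factor of 12 ends up hashing new passwords at 10 with no signal to the operator. If clamping rather than rejecting is intended for configs written before the limit (the page does not say), state it in the field text, e.g. `desc => "Work factor for BCRYPT password generation. Allowed range is 5-10; integers outside it are clamped to the nearest bound."`, and emit a warning log whenever the clamped value differs from `I`. The lower bound also deserves a caveat in the docs: a cost of 5 is only 2^5 key-expansion iterations, which gives little resistance to offline guessing if the credential store is ever disclosed, so 10 should be documented as the recommended value. `fields(bcrypt_rw)` begins outside the hunk, so whether other callers read `salt_rounds` without going through this converter cannot be checked from here.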
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
The bcrypt work factor is limited to the range 5-10, because higher values consume too much CPU resources.
|
||||||
|
Bcrypt library is updated to allow parallel hash evaluation.
|
2
mix.exs
2
mix.exs
|
@ -815,7 +815,7 @@ defmodule EMQXUmbrella.MixProject do
|
||||||
|
|
||||||
defp bcrypt_dep() do
|
defp bcrypt_dep() do
|
||||||
if enable_bcrypt?(),
|
if enable_bcrypt?(),
|
||||||
do: [{:bcrypt, github: "emqx/erlang-bcrypt", tag: "0.6.0", override: true}],
|
do: [{:bcrypt, github: "emqx/erlang-bcrypt", tag: "0.6.1", override: true}],
|
||||||
else: []
|
else: []
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,7 @@ assert_otp() ->
|
||||||
end.
|
end.
|
||||||
|
|
||||||
bcrypt() ->
|
bcrypt() ->
|
||||||
{bcrypt, {git, "https://github.com/emqx/erlang-bcrypt.git", {tag, "0.6.0"}}}.
|
{bcrypt, {git, "https://github.com/emqx/erlang-bcrypt.git", {tag, "0.6.1"}}}.
|
||||||
|
|
||||||
quicer() ->
|
quicer() ->
|
||||||
{quicer, {git, "https://github.com/emqx/quic.git", {tag, "0.0.114"}}}.
|
{quicer, {git, "https://github.com/emqx/quic.git", {tag, "0.0.114"}}}.
|
||||||
|
|