Skip to content

Commit

Permalink
Increase bcrypt cost factor, add future cost factor auto-optimization (
Browse files Browse the repository at this point in the history 
…#30)

* Increase bcrypt default cost function; add auto-increase

- Increases default bcrypt cost factor to 12
- Increases bcrypt cost factor +1 automatically every 1.5 years from 1/1/17
  to maintain cost increases without needing updates

* Force 0 multiplier in case of negative floor due to pre-1/1/17 clock skew

* Move bcrypt constants to header per @daffl
  • Loading branch information
@micaksica2 @daffl
micaksica2 authored and daffl committed Aug 28, 2018
1 parent 4dc632e commit 2b71b30
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion packages/authentication-local/src/utils/hash.js
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,16 @@
import bcrypt from 'bcryptjs';

const BCRYPT_WORK_FACTOR_BASE = 12;
const BCRYPT_DATE_BASE = 1483228800000;
const BCRYPT_WORK_INCREASE_INTERVAL = 47300000000;

export default function hasher (password) {
return new Promise((resolve, reject) => {
bcrypt.genSalt(10, function (error, salt) {
let BCRYPT_CURRENT_DATE = new Date().getTime();
let BCRYPT_WORK_INCREASE = Math.max(0, Math.floor((BCRYPT_CURRENT_DATE - BCRYPT_DATE_BASE) / BCRYPT_WORK_INCREASE_INTERVAL));
let BCRYPT_WORK_FACTOR = Math.min(19, BCRYPT_WORK_FACTOR_BASE + BCRYPT_WORK_INCREASE);

bcrypt.genSalt(BCRYPT_WORK_FACTOR, function (error, salt) {
if (error) {
return reject(error);
}
Expand Down

0 comments on commit 2b71b30

Please sign in to comment.