Albert Casademont wrote: > The iteration count is very different because in bcrypt it's not an > iteration count number at all, it's a "cost". And it's kinda exponential: a > hash with a cost of 11 is twice as hard to compute than that of a 10. At > our company we are using a cost of 11 right now, which means a hash is > computed in around 100ms in a Core i7
A cost of N means 2**N rounds (i.e. iteration counts). Therefore a cost of 10 means 1024 rounds. However, the complexity of the underlying primitive should affect what is to be considered a reasonable iteration count. For instance, CRYPT_BLOWFISH has a minimum of 16 rounds, while CRYPT_SHA256 has a minimum of 1000. -- Christoph M. Becker -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
