feat: add bcrypt cost parameter to hash-password #7149
Conversation
|
|
|
You shouldn't modify the interface to add support for passing the cost. That's a breaking change. The cost value can be a field in the bcrypt type. |
Thanks for your input @mohammed90! I moved |
| type BcryptHash struct { | ||
| // cost is the bcrypt hashing difficulty factor (work factor). | ||
| // Higher values increase computation time and security. | ||
| cost int |
There was a problem hiding this comment.
Configurable parts of module should be exported. If there's assumption of default value, we usually implement those checks in Provision method, which I believe at this point it's needed.
There was a problem hiding this comment.
Is the Provision method called in the CLI context? Exported Provision doesn't seem to be invoked.
There was a problem hiding this comment.
Oh, sorry 🤦🏼 I got confused with things. You're right, Provision is not called from the CLI to hash the password. It's also not needed in the comparison. You can revert that last commit 😅
There was a problem hiding this comment.
Alright, reverted. Do you see anything else that I could improve @mohammed90 ?
The caddy
hash-passwordcommand allows users to generate hashed passwords for HTTP basic auth. It previously supported selecting the algorithm and plaintext, but did not expose the bcrypt cost parameter.This change introduces a new
--costflag, allowing users to specify the bcrypt difficulty factor (cost), which controls the computational expense of the hash.By default, the cost is kept at 14, consistent with the previous behavior if no custom value is provided.
Context: https://pkg.go.dev/golang.org/x/crypto/bcrypt#GenerateFromPassword