Using a more significant cost factor significantly increases the compute required
to brute-force the passwords from the keys. It is recommended to use a cost factor
of more than (or equal to) 10 for bcrypt
. But note that there's a trade-off,
a higher iteration count will increase the cost of an exhaustive search and
make hashing proportionally slower.
package main
import (
"golang.org/x/crypto/bcrypt"
)
func main() {
_, _ = bcrypt.GenerateFromPassword([]byte("password"), 8)
}
package main
import (
"golang.org/x/crypto/bcrypt"
)
func main() {
_, _ = bcrypt.GenerateFromPassword([]byte("password"), 10)
}