When using has_secure_password in Rails, how can I change the default cost factor BCrypt uses when creating the password digests?

I'd like to do this because the default cost factor used -- 10 -- is apparently a bit low (this post recommends setting it to 12 at least).


Solution

This can be accomplished by putting the following code in your config file (e.g. production.rb, development.rb, test.rb, application.rb, etc.):

require 'bcrypt'
BCrypt::Engine::DEFAULT_COST = 12

Note that you can check your password digests to see what cost factor was used when encrypting them. E.g. in

$2a$12$k50jCqk8Bijj.wYxg69QBOg.t4VNMj/VmSkPCfeWWoOW

the cost factor is 12, the number immediately following the second $.
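Raising the default cost only affects digests created afterwards, so existing rows keep the cost they were hashed with. The following added example (not part of the original answer; all method and constant names are hypothetical) reads the cost out of stored digests as described above and flags the ones below a target cost. The sample rows are constructed, except row 3, which is the digest as printed in the answer and is shorter than a full 60-character bcrypt string.

```ruby
# Added example: audit stored bcrypt digests by cost factor (pure Ruby, no gems).
# All method and constant names here are hypothetical.

# "$<version>$<two-digit cost>$" prefix; the cost is what follows the second "$".
BCRYPT_PREFIX = /\A\$2[abxy]?\$(\d{2})\$/
# Full string: prefix + 22-char salt + 31-char checksum (60 characters in total).
BCRYPT_FULL = %r{\A\$2[abxy]?\$\d{2}\$[./A-Za-z0-9]{53}\z}

# Cost encoded in the digest, or nil when the prefix is not bcrypt's
# or the cost is outside bcrypt's valid range of 4..31.
def bcrypt_cost(digest)
  match = BCRYPT_PREFIX.match(digest.to_s)
  return nil unless match
  cost = match[1].to_i
  (4..31).cover?(cost) ? cost : nil
end

# Classify one stored digest against the cost you now require.
def audit_digest(digest, target_cost)
  cost = bcrypt_cost(digest)
  return :not_bcrypt if cost.nil?
  return :malformed unless BCRYPT_FULL.match?(digest.to_s)
  cost < target_cost ? :rehash_on_next_login : :ok
end

# rows: { user_id => digest }. Returns { status => [user_id, ...] }.
def audit_all(rows, target_cost)
  rows.group_by { |_id, digest| audit_digest(digest, target_cost) }
      .transform_values { |pairs| pairs.map(&:first) }
end

# Constructed sample rows (not real credentials).
SAMPLE_ROWS = {
  1 => '$2a$10$' + 'A' * 22 + 'B' * 31,  # created under the old default cost of 10
  2 => '$2a$12$' + 'C' * 22 + 'D' * 31,  # created after raising the cost to 12
  3 => '$2a$12$k50jCqk8Bijj.wYxg69QBOg.t4VNMj/VmSkPCfeWWoOW', # as printed above
  4 => 'd' * 32                           # constructed non-bcrypt legacy value
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit_all(SAMPLE_ROWS, 12).each { |status, ids| puts "#{status}: #{ids.inspect}" }
end
```

Rows reported as rehash_on_next_login can only be upgraded when the user next supplies the plaintext password, since the digest cannot be re-hashed on its own.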

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow