8

When using has_secure_password in Rails, how can I change the default cost factor BCrypt uses when creating the password digests?

I'd like to do this because the default cost factor used -- 10 -- is apparently a bit low (this post recommends setting it to 12 at least).

Peter Berg

1 Answer

8

This can be accomplished by putting the following code in your config file (e.g. production.rb, development.rb, test.rb, application.rb, etc.):

require 'bcrypt'
BCrypt::Engine::DEFAULT_COST = 12

Note that you can check your password digests to see what cost factor was used when encrypting them. E.g. in

$2a$12$k50jCqk8Bijj.wYxg69QBOg.t4VNMj/VmSkPCfeWWoOW

the cost factor is 12, the number immediately following the second $.

Peter Berg
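
The digest check described in the answer, applied to a whole set of stored digests. This is an added example, not part of the original answer; it is plain Ruby without the bcrypt gem, and `TARGET_COST`, the function names and the sample digests are constructed for illustration.

```ruby
# Read the cost factor out of bcrypt digests and flag the ones below a target.
# Layout of a full digest: $<version>$<2-digit cost>$<22-char salt><31-char hash>
BCRYPT_PREFIX = /\A\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]*)\z/
TARGET_COST = 12 # assumption: the minimum cost this application wants

DigestInfo = Struct.new(:version, :cost, :complete)

# Returns a DigestInfo, or nil when the string is not a bcrypt digest at all.
def parse_bcrypt_digest(digest)
  m = BCRYPT_PREFIX.match(digest.to_s)
  return nil unless m
  cost = m[2].to_i
  return nil unless (4..31).cover?(cost) # bcrypt only accepts costs 4..31
  # A complete digest carries 22 salt characters plus 31 hash characters.
  DigestInfo.new(m[1], cost, m[3].length == 53)
end

# :ok, :rehash (valid but cheaper than target) or :invalid (unparseable or truncated).
def classify_digest(digest, target = TARGET_COST)
  info = parse_bcrypt_digest(digest)
  return :invalid if info.nil? || !info.complete
  info.cost < target ? :rehash : :ok
end

# Tally a collection of stored digests, e.g. the values of a password_digest column.
def audit_digests(digests, target = TARGET_COST)
  digests.each_with_object(Hash.new(0)) { |d, tally| tally[classify_digest(d, target)] += 1 }
end

# Constructed sample digests: salt and hash bodies are filler, not real hashes.
BODY = ("A" * 22) + ("b" * 31)
SAMPLES = [
  "$2a$10$#{BODY}",        # created with the default cost of 10
  "$2a$12$#{BODY}",        # created after raising the cost to 12
  "$2b$04$#{BODY}",        # lowest cost bcrypt accepts
  "$2a$12$#{BODY[0, 40]}", # truncated value
  "not-a-digest"
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |d| puts "#{classify_digest(d).to_s.ljust(8)} #{d}" }
  p audit_digests(SAMPLES)
end
```

Digests created before the cost was raised keep their old cost, so the `:rehash` entries are the ones to re-hash when the user next supplies the password.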