in reply to Re: Adjust bcrypt cost to prevent future password hash attacks
in thread Adjust bcrypt cost to prevent future password hash attacks
I'm using a different bcrypt module, Crypt::Eksblowfish::Bcrypt,
According to the documentation, Digest::Bcrypt is mostly a wrapper around Crypt::Eksblowfish::Bcrypt.
.. it stores both the settings and the salt in the output hash
Does that mean you can deduce the cost from the output hash alone? In order to adjust the cost over time, one either need to store the cost or be able to compute it (e.g. from the output hash).
No matter how great and destructive your problems may seem now, remember, you've probably only seen the tip of them.