
Rails 3 Devise grinds to halt with more encryption "stretches"

Whenever I put config.stretches = 20 in config/initializers/devise.rb, the server times out on encryption requests.

The response time is bearable at 15 stretches, then rapidly increases as I raise the stretches value, and becomes totally unusable at 19. I don't know much about the performance impact this value may have, but it certainly shouldn't be exponential, which is what I experience. Apparently I don't need to raise this value for anything except authlogic compatibility, but it seems wrong anyway.

I verified this with totally fresh install of https://github.com/plataformatec/devise_example/.

This behavior is observed on Ubuntu 11.04, any 3.0.x rails version, 3.1.0.beta1, devise 1.3.1 and 1.3.4, mysql, pg, sqlite drivers. This holds true for bcrypt as well as for sha1 encryptors.


This is the expected behavior (especially for bcrypt which is arguably better). The only purpose of this value is to degrade performance to increase security.

You don't want speed when hashing as this allows an attacker to try more things in a given time span. This article explains this: http://codahale.com/how-to-safely-store-a-password/ .

In devise, stretches is used to adjust the work factor higher so that passwords take a configurably long time to hash. The configurable nature is necessary for 2 reasons: 1) different applications have different acceptable performance characteristics and 2) as computers get faster you should be able to increase the work factor to keep the same performance.

The idea is that you should configure this value to be as high as you can while maintaining acceptable performance. The goal isn't to make log on take 60 seconds, it is to make it take longer than a microsecond or two. If you can find a value for stretches that slows requests down to around 200 milliseconds or so, that's probably where you want to be.
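An added illustration, not code from the answer above and not Devise's or bcrypt's own implementation: bcrypt's cost parameter (which Devise's bcrypt encryptor takes from config.stretches) is a logarithm, so the hashing loop runs 2**cost times and going from 15 to 20 stretches is a 32x slowdown, not a 33% one. The script models that scaling with standard-library SHA-1 iterations standing in for real bcrypt, and includes a calibration helper for the roughly 200 ms login budget suggested above; the password and salt values are constructed.

```ruby
require 'digest'
require 'benchmark'

# Model of bcrypt's work factor: the cost is an exponent, so the inner loop runs
# 2**cost times. Constructed illustration using stdlib SHA-1, not real bcrypt.
def stretched_digest(password, salt, cost)
  digest = "#{salt}#{password}"
  (2**cost).times { digest = Digest::SHA1.digest(digest) }
  digest.unpack1('H*')
end

# Number of hash rounds a given cost implies.
def iterations_for(cost)
  2**cost
end

# Relative slowdown between two cost values, e.g. 15 -> 20 is 32x.
def slowdown_factor(from_cost, to_cost)
  2**(to_cost - from_cost)
end

# Wall-clock seconds for one hash at the given cost on this machine.
def time_for_cost(password, salt, cost)
  Benchmark.realtime { stretched_digest(password, salt, cost) }
end

# Largest cost in the range whose single hash stays within the time budget
# (the answer suggests ~0.2 s). Returns nil if even min_cost is over budget.
def calibrate_cost(target_seconds, min_cost: 4, max_cost: 31,
                   password: 'correct horse', salt: 'constructed-salt')
  chosen = nil
  (min_cost..max_cost).each do |cost|
    break if time_for_cost(password, salt, cost) > target_seconds
    chosen = cost
  end
  chosen
end

if __FILE__ == $PROGRAM_NAME
  salt = 'constructed-salt'
  (8..14).each do |cost|
    printf("cost %2d: %8d rounds  %.4f s\n", cost, iterations_for(cost),
           time_for_cost('hunter2', salt, cost))
  end
  puts "largest cost under 200 ms here: #{calibrate_cost(0.2)}"
end
```

Each extra unit of cost doubles the time, so the timings printed for 8..14 should roughly double line by line, which is the pattern reported in the question.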


It turned out that I didn't specify the :encryptable option in my model, and Devise was silently ignoring the config.encryptor setting and was, indeed, using bcrypt, which is really that slow at 20 stretches.
