docs(security): Add warning about using a high cost for bcrypt

2022-01-08 19:41:50 -05:00
parent c712133df0
commit f6f7e15735
1 changed files with 3 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -886,6 +886,9 @@ security:
    password-bcrypt-base64: "JDJhJDEwJHRiMnRFakxWazZLdXBzRERQazB1TE8vckRLY05Yb1hSdnoxWU0yQ1FaYXZRSW1McmladDYu"
 ```

+**WARNING:** Make sure to carefully select to cost of the bcrypt hash. The higher the cost, the longer it takes to compute the hash,
+and basic auth verifies the password against the hash on every request. As of 2022-01-08, I suggest a cost of 8.
+
 #### OIDC (ALPHA)
 | Parameter                        | Description                                                    | Default       |
 |:---------------------------------|:---------------------------------------------------------------|:--------------|