From b3f9c3df9bc73b8941b8e0dacabeb45738f4497e Mon Sep 17 00:00:00 2001
From: Jan Jurzitza <gh@webfreak.org>
Date: Sun, 28 Dec 2025 12:06:30 +0000
Subject: [PATCH] increase default bcrypt work factor

It has been 10 years since this default work factor was set, it's probably about time to quadruple the time it takes again.

This random person benchmarked it on a modern-ish CPU and on cloud servers in 2023 and it seems like 12 is a good default now (taking around 200-400ms per hash)
---
 source/botan/passhash/bcrypt.d | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/botan/passhash/bcrypt.d b/source/botan/passhash/bcrypt.d
index 116fb9839..26dc26348 100644
--- a/source/botan/passhash/bcrypt.d
+++ b/source/botan/passhash/bcrypt.d
@@ -32,7 +32,7 @@ import std.conv : to;
 */
 string generateBcrypt(in string password,
                       RandomNumberGenerator rng,
-                      ushort work_factor = 10)
+                      ushort work_factor = 12)
 {
     return makeBcrypt(password, unlock(rng.randomVec(16)), work_factor);
 }