21.07.2014, 08:11
Quote:
I have a few questions
2. The minimum cost is 4 and the maximum cost is 31. However, you should find a cost that takes about 100-300 ms to calculate on the specific server in question. You can do this for instance by measuring the time using GetTickCount() and trying a couple of different costs. Usually costs 10-12 are suitable.
3. You can freely change the cost on the fly, and the old hashes will still work. bcrypt_check will work regardless of the cost of the hash (which is identified automatically).
If you're ever planning to change the cost, it is recommended to update the old hashes as well when a player signs in. You can use function bcrypt_needs_rehash to check if the password needs to be rehashed and updated in the database. I could add an example of this to the repository.
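To illustrate the two points above (picking a cost by timing it, and rehashing an old hash at sign-in when its cost no longer matches), here is an added example written for this thread; it is not code from the bcrypt plugin and is in Python rather than Pawn so the logic can be run anywhere. The hash strings, the `time_at_cost` timing callback and the `check_fn`/`hash_fn` callbacks are constructed stand-ins: in a real deployment they would be backed by an actual bcrypt implementation.

```python
import re
import time

# Constructed sample hashes (not hashes of real passwords). Only the prefix and
# the two-digit cost field matter for the logic below; the 53-character
# salt+digest tail is a dummy filler.
SAMPLE_HASH_COST10 = "$2y$10$" + "A" * 53
SAMPLE_HASH_COST12 = "$2y$12$" + "B" * 53

# Modular-crypt layout of a bcrypt hash: $2<variant>$<cost>$<22 salt + 31 digest>
_BCRYPT_RE = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")


def bcrypt_cost(hash_str: str) -> int:
    """Return the cost factor encoded in a bcrypt hash string.

    This is how a checker identifies the cost automatically: it is stored in
    the hash itself, so old hashes keep verifying after the setting changes.
    """
    m = _BCRYPT_RE.match(hash_str)
    if not m:
        raise ValueError("not a bcrypt hash")
    cost = int(m.group(1))
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost outside the valid range 4..31")
    return cost


def needs_rehash(hash_str: str, target_cost: int) -> bool:
    """True when the stored hash was produced with a cost other than the one
    currently configured, so it should be regenerated at next successful login."""
    return bcrypt_cost(hash_str) != target_cost


def calibrate_cost(time_at_cost, min_ms: float = 100, max_ms: float = 300) -> int:
    """Walk the costs 4..31 and return the first whose single-hash time lands in
    [min_ms, max_ms]. time_at_cost(cost) must return the seconds one hash took
    on the server being calibrated (see measure() below for a real timer).
    If a step jumps straight past max_ms, the previous (faster) cost is kept."""
    for cost in range(4, 32):
        ms = time_at_cost(cost) * 1000.0
        if ms > max_ms:
            return max(cost - 1, 4)
        if ms >= min_ms:
            return cost
    return 31


def measure(hash_fn, cost: int, password: str = "calibration-only") -> float:
    """Time one call of a real hashing function, e.g. with the PyPI 'bcrypt'
    package: hash_fn = lambda pw, c: bcrypt.hashpw(pw.encode(), bcrypt.gensalt(c)).
    Pass (lambda c: measure(hash_fn, c)) to calibrate_cost()."""
    start = time.perf_counter()
    hash_fn(password, cost)
    return time.perf_counter() - start


def login_and_rehash(stored_hash: str, password: str, target_cost: int,
                     check_fn, hash_fn):
    """Sign-in flow that upgrades stale hashes.

    check_fn(password, stored_hash) -> bool verifies the password;
    hash_fn(password, cost) -> str produces a fresh hash (both hypothetical
    callbacks here). Returns (ok, new_hash): new_hash is a replacement to
    write back to the database, or None when no update is needed.
    """
    if not check_fn(password, stored_hash):
        return False, None
    if needs_rehash(stored_hash, target_cost):
        return True, hash_fn(password, target_cost)
    return True, None
```

Rehashing only happens after a successful check because the plaintext password is only available at that moment; the database update is the caller's job, and a failed login must never trigger a write.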