Make bcrypt work factor explicit (13 rounds)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 20:58:02 +02:00
parent a28f847572
commit 6d626ff266
2 changed files with 16 additions and 1 deletions
@@ -6,8 +6,11 @@ from jose import jwt
 from app.core.config import settings


+_BCRYPT_ROUNDS = 13  # ~300 ms on modern hardware; increase over time as CPUs get faster
+
+
 def hash_password(password: str) -> str:
-    return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
+    return bcrypt.hashpw(password.encode(), bcrypt.gensalt(rounds=_BCRYPT_ROUNDS)).decode()


 def verify_password(plain: str, hashed: str) -> bool: