Closed p3nj closed 2 years ago
Increasing the bcrypt cost increases the CPU time used and hence total time taken. The cost you should use will vary based on:
Two cores (assuming that's the 2C in 2C4G) on a DO droplet simply is too slow for bcrypt cost this high. Lower it. For more information on this, see https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#work-factors
go version
: idk, full containerized.Description
This happens inside a environment spec list below:
dokku
do manage all the servicesdokku:postgres
create all the databases service fordendrite
services separatelyInside
dendrite.yaml
underuser_api
section ifbcrypt_cost
is set to 20, it will causeclient
service to timed out when using monolith docker setup. Eventually it will return CORS error but it is becausebcrypt
is taking too long that HTTP request would not willing to wait.Background information
docker container logs
if you check the
dendrite
container log it will only shows two lines of log about making request to create account, but no error messages and nothing else.nginx error logs
nginx error log will only shows that can not connect to upstream and time out the request.
Steps to reproduce
bcrypt_cost: 20
insidedendrite.yaml
user_api
section.dendrite
service or restart to load the config.since the configuration file shows max
bcrypt_cost
is limited to31
, it will be nice if when account creation request is made, http request is willing to wait untilbcrypt
calculation is finished.