Blowfish cost vs time

Question

I'm using bcrypt/blowfish in php and when I set the cost parameter to $10 (1024 rounds I think) the encrypting process takes 0.1 seconds. If I set it to $12, it takes 0.3 seconds. My question is: Is this occupying 0.3 seconds of cpu time i.e if I have 100 users running this process, will they all have to wait 30 seconds (0.3 x 100)? (edit: may be shorter due to dual0core/multi-thread processing but even 10 seconds is unacceptable).

Also: What is a good value to leave this cost parameter on? some people recommend $16 but that takes over 5 seconds on my site (hosted by a large webhost).

by the way I'm using the following code to check the time that it takes:

<?php
// set a password to work with
$var1 = "doodoo1234";

//echo that password onto the screen 
echo $var1 . "<br /><br />";

//Start the clock
$time_start = microtime(true);

//Run blowfish function to encrypt the password
$hashedpass = PassHash::blowfishhash($var1);

//stop the clock  
$time_end = microtime(true);

//echo the password to the screen
echo $echohashedpass . "<br /><br />";

//Echo the length of the encrypted password to the screen
//(this taught me that blowfish always returns a 60 varchar string)
echo strlen($sajpass). "<br /><br />";

$time = $time_end - $time_start;
echo "that took $time seconds\n";
?>

Answer 1

Honestly? The standard is 7, but you can set it to whatever you wish, even low like 4 is still going to be leaps and bounds above everything else out there. It also has the advantage over other hashes in the fact that it cannot be sped up via the use of GPUs. So it's just as slow(even slower right now) than other hashes. Thus it's still as slow as it always has been. If you're taking 0.1s on 10, then try 5 or 6. That'd put you down to 0.05s or so. Now then is that enough? It'd depend on what your definition of enough is.

Personally, I'd say anything above the minimum(which is 4) is more than enough. Also don't just do straight up blowfish. When someone manages to parallel it, they'll be able to throw your passwords against this tool which is already preogrammed. Try doing something like hashing the passwords with some other fast hash before or after your hash them with bcrypt. Use something strong though like sha256 or sha512. This way your system isn't identical to everyone else who's using bcrypt.

Since you're already using bcrypt I'm going to assume that you're using proper salting of the hash(outside of what's required by bcrypt alone).

I've done tons of benchmarks on my own laptop and I've honestly settled on 6 as the cost parameter, sure it's not the default of 7, but it's not slow enough to really get me worried about someone trying to get into it. It's also millions of times slower than the sha family of hashes.

Edit also if you want some code for doing things(since I don't know if you do), I've posted some over at this link Link to implementation of bcrypt based hashing. I don't know if you want it, thus that's why I didn't put it on here. The license is insanely liberal, so if you've not already written it yourself, I suggest you could use it(but maybe modify something).