I see in the config/initializers/devise.rb, there is a configuration called "config.stretches".
# ==> Configuration for :database_authenticatable
# For bcrypt, this is the cost for hashing the password and defaults to 10. If
# using other encryptors, it sets how many times you want the password re-encrypted.
config.stretches = 10
I don't understand what the stretches mean. It says it is the times I want the password "re-encrypted". Why and when will the password be re-encrypted? And why should I specify a "times"?
The short answer is that it makes brute force dictionary attacks take longer.
This blog post is written in reasonably plain English, and might give you a better idea of what's going on.
Though @jdl's answer has been accepted, it really isn't in plain English, or in a form I'd understand any better. This link helped me better understand stretches.
This will increase performance dramatically if you use bcrypt and create a lot of users (e.g. if you use Factory Bot or Machinist). Key stretching is a method of improving the security of passwords at the expense of speed.
For a deeper understanding you can check out key stretching on the wiki.
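An added example (not from the answers above and not Devise's own code) of what "re-encrypted N times" amounts to for a non-bcrypt encryptor, using a simplified iterated SHA-512 as a stand-in. All function names are hypothetical and the sample passwords and salt are constructed.

```ruby
require "digest"
require "securerandom"
require "benchmark"

# Simplified stand-in for a non-bcrypt encryptor (not Devise's implementation):
# hash the salted password, then feed each result back in, `stretches` times.
def stretched_digest(password, salt, stretches)
  raise ArgumentError, "stretches must be >= 1" if stretches < 1
  digest = password
  stretches.times { digest = Digest::SHA512.hexdigest(salt + digest) }
  digest
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Every login attempt repeats the full stretching work before comparing,
# so each wrong guess against a stolen hash costs the same amount of work.
def valid_password?(candidate, salt, stretches, stored)
  secure_equal?(stretched_digest(candidate, salt, stretches), stored)
end

# For bcrypt the setting is a cost exponent, not a count: cost 10 is 2**10 rounds.
def bcrypt_rounds(cost)
  2**cost
end

# Wall-clock seconds for one password check at a given stretch count.
def seconds_per_check(stretches, salt: SecureRandom.hex(16))
  stored = stretched_digest("correct horse", salt, stretches)
  Benchmark.realtime { valid_password?("wrong guess", salt, stretches, stored) }
end

if __FILE__ == $PROGRAM_NAME
  [1, 10, 1_000, 100_000].each do |n|
    printf("stretches=%-7d one check takes %.6fs\n", n, seconds_per_check(n))
  end
  puts "bcrypt cost 10 => #{bcrypt_rounds(10)} rounds, cost 12 => #{bcrypt_rounds(12)} rounds"
end
```

The time per check grows linearly with the stretch count in this loop, while each increment of the bcrypt cost doubles the work.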