RAJ ڧѧ 23.09.2012 00:49:
> Hi folks
>
> From last some days, I was facing an issue that my rails application
> was taking too much time for making user logged in. I am using 
> devise.
> So this night just debugged the issue and got the root of error. I
> have fixed it and sharing the solution with all of you. It may help
> some of your guys/gals also.
>
> Here is the solution, have a look:
> 
> http://tech-brains.blogspot.in/2012/09/devise-taking-too-much-time-to-make.html

First, this is not a Rails mailing list.

Second, your article is misleading. It does not discuss the differences 
between
bcrypt or sha256, neither does it explain the value of bcrypt and 
:stretches.
Even worse, you don't seem to understand how bcrypt actually works or 
how is it
configured.

To explain it shortly, bcrypt is a deliberately slow hashing function 
which
causes a relatively insignificant amount of time to be spent if a 
legitimate
user is trying to log in, but makes brute-force attacks completely 
unfeasible.
The "relatively insignificant" clause is highly dependent on your CPU 
speed.

The algorithm is configurable. It is expected that you will trade-off 
security
for speed and select the correct stretch count suitable for your task. 
Increasing
stretch count by one increases the computation time by a factor of 2.

Thus, if you configure the stretch count to 20, you're doing it 2**10, 
i.e. 1024
times slower than the default value of 10. Pretty obviously it times 
out. This
doesn't mean that there is some issue with bcrypt; this only means that 
you didn't
care to read the documentation and used the :stretches option blindly. 
The
devise/bcrypt default works nice.

-- 
   WBR, Peter Zotov.