has_secure_password

Hi all,

I would like to get feedback on a proposal for ActiveModel::SecurePassword before I send a PR:

Currently, ActiveModel::SecurePassword has a class method #min_cost which can be set to true/false - false by default. When true, the cost is set to MIN_COST of 4, and when false it is set to DEFAULT_COST of 10.

BCrypt’s cost factor can be set from 1 to 31.

I’d like to propose deprecating #min_cost in favor of just #cost. The cost class method would have a default value of 10, keeping consistency. This would then allow developers to have more control over setting the cost, depending on the application they’re building.

An example would be setting the cost to 1 for tests (as Devise does) or to something higher than 10 for an application that requires it.

Thoughts or concerns?

Thanks!

Robert

min_cost doesn't need to be deprecated, since it was just added to master.
I think it's fine for it to be a cost number, similar to Devise, though,
but others might have different opinions on that.

I think it is fine too.

I opened a PR of the implementation and some dialog on what I think would be even better: https://github.com/rails/rails/pull/8408
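
Added example, not part of the thread and not Rails or bcrypt-ruby code: once the cost is configurable per environment, a test-level cost can end up on production records, so it helps to audit stored digests. A bcrypt digest carries its cost as the two-digit field after the version prefix, which this stdlib-only sketch reads; the method names, the policy floor of 10 and the sample digests are assumptions constructed for illustration.

```ruby
# Audit stored bcrypt digests for their cost factor (stdlib only).
# Layout: $<version>$<2-digit cost>$<22-char salt + 31-char hash>
BCRYPT_RE = /\A\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{53})\z/

# Returns the integer cost encoded in a digest, or nil if it is malformed.
def bcrypt_cost(digest)
  m = BCRYPT_RE.match(digest.to_s)
  m && m[2].to_i
end

# Key-expansion iterations implied by a cost: each +1 doubles the work.
def bcrypt_rounds(cost)
  2**cost
end

# Sorts record ids into ok / weak / malformed against a policy floor.
# min_cost defaults to 10, the DEFAULT_COST mentioned in the thread.
def audit_digests(digests, min_cost: 10)
  report = { ok: [], weak: [], malformed: [] }
  digests.each do |id, digest|
    cost = bcrypt_cost(digest)
    if cost.nil?
      report[:malformed] << id
    elsif cost < min_cost
      report[:weak] << [id, cost]
    else
      report[:ok] << id
    end
  end
  report
end

# Constructed sample data: the salt/hash portion is filler, not real hashes.
FILLER = "." * 53
SAMPLE = {
  "alice" => "$2a$10$#{FILLER}",
  "bob"   => "$2a$04$#{FILLER}",   # e.g. a digest created with a test-level cost
  "carol" => "$2a$12$#{FILLER}",
  "dave"  => "not-a-bcrypt-digest"
}

if __FILE__ == $PROGRAM_NAME
  report = audit_digests(SAMPLE)
  report[:weak].each do |id, cost|
    factor = bcrypt_rounds(10) / bcrypt_rounds(cost)
    puts "#{id}: cost #{cost}, #{factor}x less work than cost 10"
  end
  puts "malformed: #{report[:malformed].join(', ')}"
end
```
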