Hello guys, can you explain me, what
Phalcon\Security::setWorkFactor(...);does?
Thanks in advance.
Hey,
its a setting for the security service, which determines how "strong" the hashing is.
You can read more in the following links:
https://docs.phalcon.io/en/latest/reference/security.html (bottom of page)
https://forum.phalcon.io/discussion/699/generating-csrf-puts-too-much-load
for short, if the work factor is higher, the hashing is stronger and harder to crack by brute force, but the downside is that it needs more resources and more time to hash. While hashing time might be a downside, is also a huge advantage when it comes to security.
Based on your needs and what project you're developing, you should find the right balance.
default phalcon work factor is 8. I usually go for 12.