Increase default stretches to 11

lib/devise.rb

@@ -63,7 +63,7 @@ module Devise
 
   # The number of times to encrypt password.
   mattr_accessor :stretches
-  @@stretches = 10
+  @@stretches = 11
 
   # The default key used when authenticating over http auth.
   mattr_accessor :http_authentication_key

lib/devise/models.rb

@@ -12,7 +12,7 @@ module Devise
 
     # Creates configuration values for Devise and for the given module.
     #
-    #   Devise::Models.config(Devise::Authenticatable, :stretches, 10)
+    #   Devise::Models.config(Devise::Authenticatable, :stretches, 11)
     #
     # The line above creates:
     #

lib/generators/templates/devise.rb

@@ -92,15 +92,15 @@ Devise.setup do |config|
   # config.clean_up_csrf_token_on_authentication = true
 
   # ==> Configuration for :database_authenticatable
-  # For bcrypt, this is the cost for hashing the password and defaults to 10. If
+  # For bcrypt, this is the cost for hashing the password and defaults to 12. If
   # using other encryptors, it sets how many times you want the password re-encrypted.
   #
   # Limiting the stretches to just one in testing will increase the performance of
   # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
-  # a value less than 10 in other environments. Note that, for bcrypt (the default
+  # a value less than 12 in other environments. Note that, for bcrypt (the default
   # encryptor), the cost increases exponentially with the number of stretches (e.g.
   # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
-  config.stretches = Rails.env.test? ? 1 : 10
+  config.stretches = Rails.env.test? ? 1 : 11
 
   # Setup a pepper to generate the encrypted password.
   # config.pepper = '<%= SecureRandom.hex(64) %>'