bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby
An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby (BCrypt.java) computes the key-strengthening round count as a signed 32-bit integer. When cost=31 (the maximum allowed by the gem), signed integer overflow causes the round count to become negative, and the strengthening loop executes …