BCRYPT_MIN_ROUNDS (number) BCRYPT_MAX_ROUNDS (number) When ENCRYPT_METHOD is set to BCRYPT, this defines the number of BCRYPT rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line). With a lot of rounds, it is more difficult to brute force the password. But note also that more CPU resources will be needed to authenticate users. The values must be inside the 4-31 range. If only one of the BCRYPT_MIN_ROUNDS or BCRYPT_MAX_ROUNDS values is set, then this value will be used. If BCRYPT_MIN_ROUNDS > BCRYPT_MAX_ROUNDS, the highest value will be used. Note: This only affect the generation of group passwords. The generation of user passwords is done by PAM and subject to the PAM configuration. It is recommended to set this variable consistently with the PAM configuration.