Security Settings

I was diving into the generatePasswordHash()

It seems that the costs is set to default to 13

But how can I explain this to a non-yii … but security professional … on how the passwords are stored ?

It uses bcrypt with a cost of 13 ?.. will an expert understand that… or is the cost related to the salt ?

Yes. It’s bcrypt hash with cost of 13. If the security professional is, in fact, professional he’ll get what it means.