Comment 37 for bug 1468422

Bill Erickson (berick) wrote :

Regarding raising the work factor...

If you simply modify actor.passwd_type.iter_count, any passwords created or modified after that point will use the new work factor. This will not affect existing passwords, because they are verified using the work factor encoded within the salt.

Example salt: $2a$10$dkfdm0JgfZtfWPisZZu1se (work factor "$10$").

If we wanted the ability to force all passwords to use a different work factor, we'd have to write code to re-hash the existing passwords.

A good reference: http://crypto.stackexchange.com/questions/3003/do-i-have-to-recompute-all-hashes-if-i-change-the-work-factor-in-bcrypt
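An added example, not part of the original comment and not Evergreen code: it reads the work factor out of bcrypt salt strings like the one shown above and reports which stored rows sit below a new target. The function names, the `(id, salt)` row shape and all sample salts except the first are assumptions made for illustration.

```python
import re

# Layout of a bcrypt salt string: $<variant>$<2-digit cost>$<22 salt chars>.
# A full hash string starts with the same prefix, so it parses as well.
_BCRYPT_PREFIX = re.compile(r"^\$(2[abxy]?)\$(\d{2})\$[./A-Za-z0-9]{22}")


def work_factor(salt: str) -> int:
    """Return the cost encoded in a bcrypt salt, or raise ValueError."""
    m = _BCRYPT_PREFIX.match(salt)
    if m is None:
        raise ValueError("not a bcrypt salt: %r" % salt[:7])
    cost = int(m.group(2))
    if not 4 <= cost <= 31:  # range bcrypt accepts
        raise ValueError("cost out of range: %d" % cost)
    return cost


def audit(rows, target):
    """Split (id, salt) rows into current, stale and unparseable ids."""
    report = {"current": [], "stale": [], "invalid": []}
    for row_id, salt in rows:
        try:
            bucket = "stale" if work_factor(salt) < target else "current"
        except ValueError:
            bucket = "invalid"
        report[bucket].append(row_id)
    return report


# Constructed sample rows; the first salt is the example from the comment.
SAMPLE = [
    (1, "$2a$10$dkfdm0JgfZtfWPisZZu1se"),
    (2, "$2a$12$abcdefghijklmnopqrstuv"),
    (3, "$2a$10$tooshort"),
    (4, "$2a$03$abcdefghijklmnopqrstuv"),
]

if __name__ == "__main__":
    print(audit(SAMPLE, target=12))
```

Rows reported as `invalid` are worth reviewing separately, since a salt that does not parse cannot tell you what work factor protects that password.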