
I have tried for days to get bcrypt installed on my windows machine with no luck. One of the dependencies (Windows 7 SDK) does not want to be installed even though I have tried numerous suggestions from around the net it just refuses to cooperate.

I need a good alternative to bcrypt which does not have any dependencies.

Was it helpful?


Check out, it's fully compatible with bcrypt just without the dependencies.

Or if you don't want the crypto boilerplate and just need to encrypt and decrypt strings.


As of 24th April 2020 There is a nice built in way of hashing passwords using scrypt in the crypto module

// Using the built in crypto module

const { scryptSync, randomBytes } = require("crypto");

// Any random string here (ideally should be atleast 16 bytes)

const salt = randomBytes(16).toString("hex")

// Pass the password string and get hashed password back
// ( and store only the hashed string along with the salt in your database)
// {hashedPassword}${salt}

const getHash = (password) => scryptSync(password, salt, 32).toString("hex");

Here is an improved version of @malik-bagwala with JsDocs, types and a match password function.

import { randomBytes, scryptSync } from 'crypto';

// Pass the password string and get hashed password back
// ( and store only the hashed string in your database)
const encryptPassowrd = (password: string, salt: string) => {
  return scryptSync(password, salt, 32).toString('hex');

 * Hash password with random salt
 * @return {string} password hash followed by salt
 *  XXXX till 64 XXXX till 32
export const hashPassword = (password: string): string => {
  // Any random string here (ideally should be atleast 16 bytes)
  const salt = randomBytes(16).toString('hex');
  return encryptPassowrd(password, salt) + salt;

// fetch the user from your db and then use this function

 * Match password against the stored hash
export const matchPassword = (passowrd: string, hash: string): Boolean => {
  // extract salt from the hashed string
  // our hex password length is 32*2 = 64
  const salt = hash.slice(64);
  const originalPassHash = hash.slice(0, 64);
  const currentPassHash = encryptPassowrd(passowrd, salt);
  return originalPassHash === currentPassHash;

If someone faces similar issue, you can try bcryptjs which is optimized bcrypt written in JavaScript with zero dependencies and is also compatible to the C++ bcrypt.

You should really use the built-in crypto module for your encryption needs. It's basically a binding to OpenSSL, a fast, stable, secure, and well-vetted crypto library. Trying to implement your own crypto (or use someone else's unvalidated attempt at implementing crypto) is a recipe for disaster.

If you're looking to encrypt data, all you have to do is call crypto.createCipher, which returns a readable/writable Stream. Write data into the stream and it will emit data events with the encrypted data.

For example:

var stream = crypto.createCipher('aes192', 'mysecretpassword');
stream.on('data', function(enc) {
    // enc is a `Buffer` with a chunk of encrypted data

stream.write('some secret data');
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top