Question
One of my projects is using the bcrypt module for hashing secrets. A handful of people complain that it's hard to install because of it's dependencies. I've tried to install it on a Windows Server before, it's not a walk in the park.
People are asking me to use pure Javascript drop-in replacements such as dcodeIO/bcrypt.js and shaneGirish/bcrypt-nodejs. But I really don't know the security implications of using them. Are they just as reliable?
Solution
Provided that these implementations are correct, you should use the fastest bcrypt available, which most likely means non-JS implementation.
You should assume that an attacker has the most quickest implementation available, and you want to slow the attacker down by increasing the cost of computation as much as you reasonably can.
https://stackoverflow.com/questions/22801593
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian