Feb. 10, 2024, 2:02 p.m. | GreenIntro

DEV Community dev.to

Why are people using third-party packages like bcrypt to hash user credentials instead of Node's own built-in classes and methods?


https://nodejs.org/api/crypto.html#cryptoscryptpassword-salt-keylen-options-callback


Reduce packages (and dependencies) by using Node's asynchronous scrypt method.


Well, how does it work?



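import { scrypt, randomBytes } from 'crypto';

// password and username come from the registration request.
// A fresh random salt is generated for every user.
const salt = randomBytes(32).toString('hex');
// Derive a 32-byte key from the password and the salt.
scrypt(password, salt, 32, (err, derivedKey) => {
  if (err) throw err;
  const userToCreate = {
    password: derivedKey.toString('hex'),
    username: username,
    salt: salt,
  };
});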


The userToCreate will then contain the hashed password, as well as a …
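Storing the hash and the salt is only the registration half; at login the stored salt is used to re-derive the key, which is then compared in constant time. The following is an added example, not code from the original post, that extends the snippet to cover verification; `deriveKey`, `createUser`, `verifyPassword`, `demo` and the sample credentials are assumptions made for illustration.

```javascript
// import() loads node:crypto whether this file runs as CommonJS or an ES module.
const cryptoModule = import('node:crypto');
const KEY_LENGTH = 32; // bytes, as in the snippet above

// Promise wrapper around the callback-based, asynchronous crypto.scrypt.
async function deriveKey(password, salt) {
  const { scrypt } = await cryptoModule;
  return new Promise((resolve, reject) => {
    scrypt(password, salt, KEY_LENGTH, (err, key) => (err ? reject(err) : resolve(key)));
  });
}

// Registration: a fresh random salt per user, hex-encoded as in the snippet.
async function createUser(username, password) {
  const { randomBytes } = await cryptoModule;
  const salt = randomBytes(32).toString('hex');
  const derivedKey = await deriveKey(password, salt);
  return { username, salt, password: derivedKey.toString('hex') };
}

// Login: re-derive with the stored salt and compare in constant time.
async function verifyPassword(user, candidate) {
  const { timingSafeEqual } = await cryptoModule;
  const stored = Buffer.from(user.password, 'hex');
  const derived = await deriveKey(candidate, user.salt);
  // timingSafeEqual throws on a length mismatch, so reject that case first.
  return stored.length === derived.length && timingSafeEqual(stored, derived);
}

// Constructed sample credentials, for demonstration only.
async function demo() {
  const pw = 'correct horse battery staple';
  const alice = await createUser('alice', pw);
  const bob = await createUser('bob', pw);
  return {
    ok: await verifyPassword(alice, pw),
    bad: await verifyPassword(alice, 'wrong password'),
    // A truncated or corrupted stored hash must fail, not throw.
    corrupt: await verifyPassword({ ...alice, password: 'zz' }, pw),
    // Same password, different salts: the stored hashes differ.
    sameHash: alice.password === bob.password,
    hashLength: alice.password.length,
  };
}

demo().then(console.log);
```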
