Do you use bcrypt or other 3rd-party npm packages when hashing user passwords?
DEV Community dev.to
Why are people using third-party packages like bcrypt to hash user credentials instead of Node's own built-in classes and methods?
https://nodejs.org/api/crypto.html#cryptoscryptpassword-salt-keylen-options-callback
Reduce packages (and dependencies) by using Node's asynchronous scrypt method.
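Well, how does it work?

    import { scrypt, randomBytes } from 'crypto';

    // A fresh random salt for each user, hex-encoded for storage.
    const salt = randomBytes(32).toString('hex');

    // password and username come from the sign-up request.
    scrypt(password, salt, 32, (err, derivedKey) => {
      if (err) throw err;
      const userToCreate = {
        password: derivedKey.toString('hex'), // the scrypt hash, never the plain password
        username: username,
        salt: salt, // stored so the hash can be recomputed at login
      };
    });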
The userToCreate will then contain the hashed password, as well as a …
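The snippet above covers account creation only. As an added example (not code from the original post), here is the matching login check with Node's built-in scrypt: the stored record is parsed, the key is re-derived with the stored salt and cost parameters, and the comparison is constant-time. The function names and the `$`-separated record layout are assumptions made for this example, and `require` is used so it runs as a plain script.

```javascript
const { scrypt, randomBytes, timingSafeEqual } = require('crypto');
const { promisify } = require('util');

const scryptAsync = promisify(scrypt);

// Cost parameters (these are Node's scrypt defaults). They are stored with
// every hash so they can be raised later without breaking old records.
const PARAMS = { N: 16384, r: 8, p: 1 };
const KEYLEN = 32;

// Sign-up: derive a key with a fresh salt and return one storable string.
// Record layout is an assumption for this example: scrypt$N$r$p$salt$key
async function hashPassword(password) {
  const salt = randomBytes(16);
  const key = await scryptAsync(password, salt, KEYLEN, PARAMS);
  return ['scrypt', PARAMS.N, PARAMS.r, PARAMS.p,
    salt.toString('hex'), key.toString('hex')].join('$');
}

// Parse a stored record; returns null for anything malformed.
function parseRecord(record) {
  const parts = String(record).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return null;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  if (![N, r, p].every(Number.isSafeInteger)) return null;
  const salt = Buffer.from(parts[4], 'hex');
  const key = Buffer.from(parts[5], 'hex');
  if (salt.length === 0 || key.length === 0) return null;
  return { N, r, p, salt, key };
}

// Login: re-derive with the stored salt and parameters, then compare in
// constant time so the comparison itself does not leak where bytes differ.
async function verifyPassword(password, record) {
  const rec = parseRecord(record);
  if (!rec) return false;
  let candidate;
  try {
    candidate = await scryptAsync(password, rec.salt, rec.key.length,
      { N: rec.N, r: rec.r, p: rec.p });
  } catch {
    return false; // stored parameters rejected by scrypt
  }
  return timingSafeEqual(candidate, rec.key);
}
```

Keeping the parameters inside the record means a later increase of `N` only affects new hashes; existing users can be re-hashed at their next successful login.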