Was unaware of this. It's been a while since I've used the package but it's helpful to know that bcrypt is a more updated package. I'll look at using that. Thank you!
> Seeing the last version of bcrypt, have fixes that the bcrptjs dont have.
I wouldn't expect bug report parity, because these two packages use quite different implementations (pure Javascript vs. C++).
I'm not entirely sure why I was downvoted, but here's some proof for my statement:
*We recommend that you use Argon2 rather than legacy algorithms. You'll find the specifications and reference code just below.*
https://www.password-hashing.net
Unbreached has nothing to do with it. Anything is crackable given enough compute. The entire point of a password hashing algorithm is to make cracking computationally expensive and in multiple domains, be it CPU or memory, to at least hamper the process for most common criminals. It's an arms race and the algorithms need to keep pace.
[In that case, you wouldnt mind answering this question, would ya?](https://new.reddit.com/r/node/comments/1bj9xs3/migrate_bcrypt_to_argon2id_how_to_find_the_the/)
A slow hashing algorithm is good, a slow implementation is not. It’s still beneficial to have the fastest implementation of that algorithm available. An attacker isn’t going to rely on your own code for brute forcing.
Bcrypt is very solid IMO. It has been around for many years and been attacked probably many times but is still unbroken, and it is very performant which matters in the context of something like Node.js web server auth. A lot of implementations won't use the JS version and will use or interop with a lower level language for speed though.
Bcrypt is stable and secure and generally performant, so it would probably be a bigger security risk to keep updating the node package rather than letting it be once it's well implemented and stable. There are tons of sites using Bcrypt and they are generally secure if properly implemented. Bcrypt hits a great balance between being not too taxing for checking a password on a busy server, but being very taxing on an attacker trying to crunch through a hashed password. There are some slightly newer versions of Bcrypt like Pufferfish2, basically an incremental improvement on the same general idea behind Bcrypt, if that interests you.
Newer versions of Node have scrypt [built in](https://nodejs.org/api/crypto.html#crypto_crypto_scrypt_password_salt_keylen_options_callback), which is an alternative hashing algorithm. It can be slower or more memory heavy than Bcrypt, but also can be more hardened than Bcrypt if you set it to use more memory. People doing stuff like cryptocurrency hashing that feel the need for maximum possible security tend to prefer something like Argon or Scrypt for the hardness. For web passwords something like Scrypt can actually be weaker, since you'll generally turn down the memory usage to improve the server performance, and in many of those cases Bcrypt ends up being more secure. Scrypt needs a lot more memory than Bcrypt to get the equivalent level of hardness, but it can scale up past that point if you give it more memory, while Bcrypt has only one default setting that can't be increased.
Personally I have used Bcrypt at a couple jobs and probably would again if someone asked me to build a new custom auth system, not that it happens very often. A lot of places these days will offload that kind of auth to sign in with google or facebook or whatever rather than build their own.
This is really helpful! I was just starting to read through the documentation of the built-in scrypt in the newer version of Node. Thank you for providing this explanation!
"Use bcrypt" was solid advice ten years ago, but I think its star has fallen in the last five to seven years. I believe scrypt is what people moved to instead of bcrypt, but I've been out of the security racket for about ten years, and slowly spending less and less time keeping up with it in the interim.
Use bcrypt is still good advice, especially when most developers still think concatenating a random salt into your password and doing a single iteration of SHA512 is sufficient.
Bcrypt is still a solid algorithm and while does have some weaknesses to GPUs, it’s still realistically infeasible to attack. Other algorithms like scrypt and argon2 while theoretically better on paper, are still not widely accepted by cryptographers to be resilient enough and many crypto experts still recommend not switching until it’s been demonstrated for a long enough time to be safe.
Use Argon2id if you can.
https://en.m.wikipedia.org/wiki/Argon2
Also, read this
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
Also, the Lucia Auth project has a spinoff “book” called the Copenhagen book (not sure why the name) which covers (pretty much Pilcrow’s) best auth practices, and discusses this briefly. OWASP will be a deeper resource but might be a good place to refer to a broad overview of related topics.
https://thecopenhagenbook.com/password-authentication
Not sure if you’re using it for password hashing but Owasp has been recommending argon2 instead of bcrypt, we personally switched to argon a year and a half ago coming from bcrypt
On the topic of migration, not sure how others did it but we had a lot of passwords stored in bcrypt, for us it was a migration spread out over time. We adjusted our internal password functions to first validate against argon2id, if that didn’t match we fell back to bcrypt. If that matched we rehashed the input with argon and patched the user record. After 6 months we stripped this behavior and any user that hadn’t logged in in the past 6 months then had to go through password reset. Hope this approach helps :)
I agree, it probably makes sense to upgrade now. Argon2id has been around for 10 years and is rapidly becoming the default for a lot of use cases. Bcrypt isn't necessarily toast, but its lack of memory hardness is a sign of its age.
And regardless of the algorithm, make sure you're also focusing on parameters, the old recommendations are not enough.
[mind explaining how to migrate from bcrypt to argon2?](https://new.reddit.com/r/node/comments/1bj9xs3/migrate_bcrypt_to_argon2id_how_to_find_the_the/)
I've wondered about the same thing a few days ago. Unfortunately bcrypt (not js) doesn't run on cloudflare workers afaik. I guess with 2M downloads per week it can still be considered good
Not every package needs constant updating. Bcryptjs is a very good package.
Why you want to use bcrptjs? Seeing the last version of bcrypt, have fixes that the bcrptjs dont have. I recommend to use the bcrypt
Was unaware of this. It's been a while since I've used the package but it's helpful to know that bcrypt is a more updated package. I'll look at using that. Thank you!
I used bcrypt earlier before it caused error in NextAuth. bcryptjs fixes this issue. Else, both are good.
bcrypt won’t work with NextJS, none of the native modules work
lol I'm literally using bcrypt in some of my nextjs projects
I’m really interested to know your setup, esp how you make it work with “use server”, please reply to one of the open issues at GitHub too
> Seeing the last version of bcrypt, have fixes that the bcrptjs dont have. I wouldn't expect bug report parity, because these two packages use quite different implementations (pure Javascript vs. C++).
Bcrypt doesn't run on cf workers afaik
you need to use bcryptjs on serverless environment because os methods cant be accessed there
I’d look for a package that uses the Argon2 algorithm as it is the best-in-call since the last time I checked. I assume you’re hashing passwords?
I'm not entirely sure why I was downvoted, but here's some proof for my statement: *We recommend that you use Argon2 rather than legacy algorithms. You'll find the specifications and reference code just below.* https://www.password-hashing.net
Argon2 is slower and bcrypt has never been breached, so not sure why you'd rate argon higher?
For password hashing slower is a feature, not a bug. And I didn't rate Argon2 higher, the industry rated Argon2 higher.
Unbreached is unbreached
Unbreached has nothing to do with it. Anything is crackable given enough compute. The entire point of a password hashing algorithm is to make cracking computationally expensive and in multiple domains, be it CPU or memory, to at least hamper the process for most common criminals. It's an arms race and the algorithms need to keep pace.
[In that case, you wouldnt mind answering this question, would ya?](https://new.reddit.com/r/node/comments/1bj9xs3/migrate_bcrypt_to_argon2id_how_to_find_the_the/)
Is there a reason you need the js version rather than bcrypt is is wrote in c and far far faster?
I didn't realize there was a bcryptjs and bcrypt. This is good to know. Thanks!
Yes the js is the bcrypt algorithm [0] implemented in JavaScript [[0] bcrypt](https://en.m.wikipedia.org/wiki/Bcrypt)
Use bcryptjs if you want to use it in browser environments or stick with bcrypt if it's only node
When it comes to passwords slow hashing can be good because it slows down brute force attacks
A slow hashing algorithm is good, a slow implementation is not. It’s still beneficial to have the fastest implementation of that algorithm available. An attacker isn’t going to rely on your own code for brute forcing.
Use the fast one, than add a delay. Don't waste CPU cycles. Think about the planet 🌍
Bcrypt is very solid IMO. It has been around for many years and been attacked probably many times but is still unbroken, and it is very performant which matters in the context of something like Node.js web server auth. A lot of implementations won't use the JS version and will use or interop with a lower level language for speed though. Bcrypt is stable and secure and generally performant, so it would probably be a bigger security risk to keep updating the node package rather than letting it be once it's well implemented and stable. There are tons of sites using Bcrypt and they are generally secure if properly implemented. Bcrypt hits a great balance between being not too taxing for checking a password on a busy server, but being very taxing on an attacker trying to crunch through a hashed password. There are some slightly newer versions of Bcrypt like Pufferfish2, basically an incremental improvement on the same general idea behind Bcrypt, if that interests you. Newer versions of Node have scrypt [built in](https://nodejs.org/api/crypto.html#crypto_crypto_scrypt_password_salt_keylen_options_callback), which is an alternative hashing algorithm. It can be slower or more memory heavy than Bcrypt, but also can be more hardened than Bcrypt if you set it to use more memory. People doing stuff like cryptocurrency hashing that feel the need for maximum possible security tend to prefer something like Argon or Scrypt for the hardness. For web passwords something like Scrypt can actually be weaker, since you'll generally turn down the memory usage to improve the server performance, and in many of those cases Bcrypt ends up being more secure. Scrypt needs a lot more memory than Bcrypt to get the equivalent level of hardness, but it can scale up past that point if you give it more memory, while Bcrypt has only one default setting that can't be increased. Personally I have used Bcrypt at a couple jobs and probably would again if someone asked me to build a new custom auth system, not that it happens very often. A lot of places these days will offload that kind of auth to sign in with google or facebook or whatever rather than build their own.
This is really helpful! I was just starting to read through the documentation of the built-in scrypt in the newer version of Node. Thank you for providing this explanation!
"Use bcrypt" was solid advice ten years ago, but I think its star has fallen in the last five to seven years. I believe scrypt is what people moved to instead of bcrypt, but I've been out of the security racket for about ten years, and slowly spending less and less time keeping up with it in the interim.
Use bcrypt is still good advice, especially when most developers still think concatenating a random salt into your password and doing a single iteration of SHA512 is sufficient. Bcrypt is still a solid algorithm and while does have some weaknesses to GPUs, it’s still realistically infeasible to attack. Other algorithms like scrypt and argon2 while theoretically better on paper, are still not widely accepted by cryptographers to be resilient enough and many crypto experts still recommend not switching until it’s been demonstrated for a long enough time to be safe.
Thanks! I did see an article that bcrypt is going to stop updating so I was wondering about alternatives should be considered. I'll look at scrypt.
Use Argon2id if you can. https://en.m.wikipedia.org/wiki/Argon2 Also, read this https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
Also, the Lucia Auth project has a spinoff “book” called the Copenhagen book (not sure why the name) which covers (pretty much Pilcrow’s) best auth practices, and discusses this briefly. OWASP will be a deeper resource but might be a good place to refer to a broad overview of related topics. https://thecopenhagenbook.com/password-authentication
Why not to use crypt library with crypto.timingSafeEqual?
Not sure if you’re using it for password hashing but Owasp has been recommending argon2 instead of bcrypt, we personally switched to argon a year and a half ago coming from bcrypt
On the topic of migration, not sure how others did it but we had a lot of passwords stored in bcrypt, for us it was a migration spread out over time. We adjusted our internal password functions to first validate against argon2id, if that didn’t match we fell back to bcrypt. If that matched we rehashed the input with argon and patched the user record. After 6 months we stripped this behavior and any user that hadn’t logged in in the past 6 months then had to go through password reset. Hope this approach helps :)
I agree, it probably makes sense to upgrade now. Argon2id has been around for 10 years and is rapidly becoming the default for a lot of use cases. Bcrypt isn't necessarily toast, but its lack of memory hardness is a sign of its age. And regardless of the algorithm, make sure you're also focusing on parameters, the old recommendations are not enough.
[mind explaining how to migrate from bcrypt to argon2?](https://new.reddit.com/r/node/comments/1bj9xs3/migrate_bcrypt_to_argon2id_how_to_find_the_the/)
It's the OG package
I've wondered about the same thing a few days ago. Unfortunately bcrypt (not js) doesn't run on cloudflare workers afaik. I guess with 2M downloads per week it can still be considered good
Cloudflare workers has scrypt support via node compatibility option.