6

One of my projects is using the bcrypt module for hashing secrets. A handful of people complain that it's hard to install because of its dependencies. I've tried to install it on a Windows Server before; it's not a walk in the park.

People are asking me to use pure JavaScript drop-in replacements such as dcodeIO/bcrypt.js and shaneGirish/bcrypt-nodejs. But I really don't know the security implications of using them. Are they just as reliable?

jedireza
  • The only thing I can think of is memory security; with C, you can be sure to zero your buffers so that private information is not remnant in memory; however, this may still not work, since the information may be paged to disk and then back into memory by the OS at any time. – Alex Nichol Apr 02 '14 at 21:57

1 Answer

4

Provided that these implementations are correct, you should use the fastest bcrypt available, which most likely means a non-JS implementation.

You should assume that an attacker has the quickest implementation available, and you want to slow the attacker down by increasing the cost of computation as much as you reasonably can.

dchest
  • I haven't heard this in any cryptography-related discussion. If good implementations of an algorithm exist, you could assume that any other good implementation has the same computational complexity. – a0viedo Apr 02 '14 at 16:00
  • 2
    @a0viedo [Computational complexity](https://en.wikipedia.org/wiki/Computational_complexity_theory) is the term I *didn't use*: it has a specific meaning, unrelated to the subject. What I was talking about is the *cost of computation* and the relative *performance* difference between implementations. If you haven't heard discussions about performance and optimizations with regard to password hashing, you're very welcome to join us in the PHC mailing list https://password-hashing.net/interaction.html – dchest Apr 02 '14 at 18:28
  • I was referring to the statement "go for the fast one, it's more secure". Using the fastest implementation should be a concern for improving end-user experience and not for security issues (the main discussion here). – a0viedo Apr 04 '14 at 14:08
  • 1
    @a0viedo no, it's not just the user experience. Password hashing security is directly related to the performance of the algorithm and its implementation. You should use the *fastest* implementation of the *slowest* (or more resource-consuming in general, e.g. memory) algorithm. – dchest Apr 04 '14 at 18:49
  • Agreed, you should use the fastest available. There is an asm.js port of the bcrypt algorithm [here](https://github.com/fpirsch/twin-bcrypt), which is quite fast, has no dependencies, and is fully tested against original C implementations test suites. – fpirsch Jul 20 '14 at 10:45