
NodeJS Bcrypt hashing & comparing takes 2-3 seconds on average. How to optimize it. Is there any alternative solution for password hashing with millisecond-level performance?

Please suggest modifications required in the code below:

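// Hash the new password with a cost factor of 15
bcrypt.hash(password, 15).then(hashedPassword => {  });

// Check a login attempt against the stored hash
bcrypt.compare(password, savedUser.password).then(doMatch => {   });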
Aswin Av
  • It's part of the point for password hashing to take time. Bcrypt taking multiple turns is on purpose. And this takes time. – pintxo Oct 17 '20 at 20:41
  • 2-3 seconds is usually too long – you should aim for about 0.1 seconds. Are you using a pure-JavaScript implementation? How many rounds? – Ry- Oct 17 '20 at 20:45
  • You can make bcrypt faster by tuning the work factor, but a rule of thumb would be on the order of 0.1s, not 0.001s (see e.g. https://security.stackexchange.com/a/3993/72084). – jonrsharpe Oct 17 '20 at 20:45
  • I have added my code in the question. Could you please check and suggest modifications required – Aswin Av Oct 17 '20 at 20:48
  • 15 is too high. Use 12 or 13. – Ry- Oct 17 '20 at 21:23
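
The comments above point at tuning the work factor toward roughly 0.1 s. As an added example (not part of the original thread), this sketch derives a cost from one timing and flags stored hashes that still carry the old cost; the function names, the clamp bounds of 10 and 15, and the sample hash string are assumptions constructed for illustration.

```javascript
// Constructed placeholder in bcrypt's string layout (not a real digest).
const SAMPLE_STORED = '$2b$15$' + 'A'.repeat(53);

// Read the cost out of a stored bcrypt string: $2b$<cost>$<22-char salt><31-char hash>.
function costOf(storedHash) {
  const m = /^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$/.exec(storedHash);
  if (!m) throw new Error('not a bcrypt hash string');
  return Number(m[1]);
}

// Each +1 of cost doubles bcrypt's work, so one timing at a known cost
// predicts the others. Returns the highest cost whose predicted time stays
// within targetMs, clamped to [min, max] (assumed bounds, adjust to policy).
function costForTarget(probeCost, probeMs, targetMs, min = 10, max = 15) {
  if (!(probeMs > 0) || !(targetMs > 0)) throw new RangeError('times must be positive');
  const delta = Math.floor(Math.log2(targetMs / probeMs));
  return Math.min(max, Math.max(min, probeCost + delta));
}

// Time one hash on this machine. hashFn(password, cost) must return a promise,
// e.g. the bcrypt.hash call from the question.
async function measureMs(hashFn, cost) {
  const t0 = process.hrtime.bigint();
  await hashFn('calibration-only-password', cost);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Hashes stored at the old cost stay slow to compare until they are replaced.
// On a successful login, re-hash the submitted password when this returns true.
function needsRehash(storedHash, wantedCost) {
  return costOf(storedHash) !== wantedCost;
}
```

Measure on the production hardware, since the same cost runs at different speeds on different machines.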

0 Answers