What Is The Best Algorithm (Bcrypt, Scrypt, SHA512, Argon2) For Password Hashing In Node.js? [2]
This article explores and compares different hashing algorithms (Bcrypt, Scrypt, SHA512, Argon2) used to store a password in Node.js.

This topic is split into two parts. In the previous article, we reviewed the bcrypt algorithm in Node.js and described the scenario for testing the algorithms. In this part, we review the scrypt, SHA512, and Argon2 algorithms.
The repository code on GitHub: https://github.com/myas92/Hashing-Password-Ways-Nodejs-Express
1. Bcrypt
2. Password Hashing Using Scrypt
Tarsnap's website states:
"The scrypt is designed to be far more secure against hardware brute-force attacks than alternative functions such as bcrypt or PBKDF2."
and also:
"We estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password)"
Important Scrypt Features:
- No third-party module is needed; just require the crypto module in Node.js.
- scrypt is weaker than bcrypt for password storage if it is configured to use less than 4 MB of memory, so the default config is secure.
- There is no limit on the length of passwords.
- By default, the crypto module of Node.js uses one core for password hashing.
Scrypt Parameters:
- password – the input password (8-10 chars minimal length is recommended)
- salt – securely-generated random bytes (64 bits minimum, 128 bits recommended)
- keylen – how many bytes to generate as output, e.g. 32 bytes (256 bits)