Learn Crypto

Cryptography is a fascinating topic worthy of many fantastic books! See: http://amzn.to/cthr46

Password Hashing

"*Speed is exactly what you don’t want in a password hash function.*" ~ Thomas Ptacek

Using bcrypt means there is a "work factor" for computing the hash of each password. Each increment in the work factor (beyond 8) roughly doubles the time required to compute the hash.

bcrypt time required to derive hash

// "cost" | ms required
{
'1' : '27ms',
'2' : '27ms',
'3' : '27ms',
'4' : '27ms',
'5' : '28ms',
'6' : '28ms',
'7' : '28ms',
'8' : '32ms',
'9' : '65ms',
'10': '120ms',
'11': '226ms',
'12': '447ms',  // sweet spot for web apps (page/API response under 1 sec)
'13': '914ms',
'14': '1810ms',
'15': '3673ms',
'16': '7634ms',
'17': '15449ms',
'18': '28531ms',
'19': '51857ms',
'20': '98165ms' // 98 seconds
}
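Because the cost is stored inside every bcrypt hash string, an application can raise its work factor over time and re-hash older entries at the next successful login. The sketch below is an added example, not code from this page or from any bcrypt module: the function names are hypothetical, the sample hashes are constructed placeholders, and the 447ms measurement at cost 12 is taken from the table above.

```javascript
// Added example; function names are hypothetical, not a bcrypt module's API.

// bcrypt hash string: $<version>$<2-digit cost>$<22-char salt><31-char digest>
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Return { version, cost } for a well-formed bcrypt hash, or null otherwise.
function parseBcrypt(stored) {
  const m = BCRYPT_RE.exec(String(stored));
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // bcrypt only defines costs 4..31
  return { version: m[1], cost };
}

// True when a stored hash should be recomputed at the next successful login:
// it is not a bcrypt hash at all, or its cost is below the current target.
function needsRehash(stored, targetCost) {
  const parsed = parseBcrypt(stored);
  return parsed === null || parsed.cost < targetCost;
}

// Estimate hashing time at `cost` from one measurement, assuming each
// increment doubles the time (the rule of thumb stated above for cost > 8).
function estimateMs(cost, measuredCost, measuredMs) {
  return measuredMs * Math.pow(2, cost - measuredCost);
}

// Highest cost (within 4..31) whose estimated time stays within budgetMs.
function pickCost(measuredCost, measuredMs, budgetMs) {
  let cost = measuredCost;
  while (cost < 31 && estimateMs(cost + 1, measuredCost, measuredMs) <= budgetMs) cost++;
  while (cost > 4 && estimateMs(cost, measuredCost, measuredMs) > budgetMs) cost--;
  return cost;
}

// Constructed sample hashes: valid shape only, not real digests.
const oldHash = '$2a$08$' + 'A'.repeat(22) + 'B'.repeat(31);
const newHash = '$2b$12$' + 'A'.repeat(22) + 'B'.repeat(31);

console.log(needsRehash(oldHash, 12), needsRehash(newHash, 12)); // true false
console.log(pickCost(12, 447, 500), pickCost(12, 447, 1000));    // 12 13
```

Measure the baseline on the production hardware rather than reusing the table's figures, since the timings depend on the machine.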

Node.js Modules

Further Reading

This is a huge and fascinating topic. Don't skip the background (general) reading if you are serious about understanding security!

General

Passwords

Background Reading

Videos