node.bcrypt.js VS node-argon2

Hi, I am struggling a bit with getting bcrypt to work within nextjs and was wondering if anyone could help -- I have the same issue as listed here

bcrypt: the old standby, it looks like this has fallen out of favor for new projects.

Then, there is the bcrypt npm package which is what I assumed you were talking about. If this is what you were talking about, then I'd encourage you to take another look at the repo here, though, and let me know exactly what WebAssembly you're referring to. The C++ files and header file in the src directory are pulled into the main script in the pattern used for node add-ons.

If you look at the function source in c++ it doesn’t do anything more than hash the plaintext one, validate the salt of the provided hash, and compare the hash strings.

A good way to approach writing native addons could be: * Read this intro article https://blog.sqreen.com/building-a-native-add-on-for-node-js-in-2019/ (disclaimer, I wrote this one) * Read the source code of some simple addon examples (https://github.com/uhop/node-re2, https://github.com/kelektiv/node.bcrypt.js#readme) * read the nodejs doc on native addons * read the libuv book if you want to handle asynchronous stuff in your addons * read Node.js source code

❓ Why is hashing and salting passwords mandatory? A salt is simply a random data used as an additional input to the hashing function to safeguard your password. The random string from the salt makes the hash unpredictable. A password hash involves converting the password into an alphanumeric string using specialized algorithms. Hashing and salting are irreversible and ensure that even if someone gains access to the hashed passwords, they will not be able to decrypt them to recover the original passwords. Hystorically bcrypt is recognized as the best hashing algorithm. However, in terms of robustness against all the new cryptographic attacks targeting hashing algorithms, the current clear winner is argon2. However, since the “youth" (2015) of this algorithm, I chose to use bcrypt

Argon2: this is the newest highly recommended algorithm, and recommended by OWASP. (Edit: originally linked to a low-download library.)

Though I am using bcrypt to hash passwords, recommended approach currently is argon2

As per security.stackexchange.com the recommended number of rounds for Bcrypt is a number such that it takes atleast 250 ms to hash your password. Argon2 on the other hand takes multiple parameters it seems. What is the equivalent configuration you need for Argon2? I am talking about an express webserver here with passportjs if that helps

If you already have Bcrypt & want to start converting to Argon2, check out this guide → https://github.com/ranisalt/node-argon2/wiki/Migrating-from-another-hash-function

You can look at the argon2 npm (https://www.npmjs.com/package/argon2).