Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify how to decide between bcrypt vs bcrypt.js in README #98

Closed
JBallin opened this issue Mar 18, 2019 · 4 comments
Closed

Clarify how to decide between bcrypt vs bcrypt.js in README #98

JBallin opened this issue Mar 18, 2019 · 4 comments
Labels
stale

Comments

@JBallin
Copy link

JBallin commented Mar 18, 2019
edited
Loading

This should be explained simply in terms a beginner can understand. I think a pro's, con's list would be a good format. I'll attempt one below, but I admit I'm uncertain about the deciding factors.

#14, #5, and #95 focus on clarifying the performance differences (which IS included in README), but don't expand on how one decides which to use.

bcrypt.js PROS

  • 0 dependencies: eliminates the risk of a malicious dependency being inserted into your project.
  • Written in JavaScript: mitigates issues running bcrypt on some machines.

bcrypt.js CONS

  • 30% slower: less rounds can be run when encrypting an input in a fixed amount of time - resulting in less secure encryption.
@yeegr
Copy link

yeegr commented Sep 24, 2019

PROS:

  • Better Docker support. bcrypt works differently on different OSes, packages for Mac, Windows and Linux are different. So you have to load the appropriate package into the container, a huge hassle during development.

@cekvenich
Copy link

I'm a non pro, but I assume it has to work same on the browser so you can read on the server. And browsers are all different.

@yeegr
Copy link

yeegr commented Sep 25, 2019

I'm a non pro, but I assume it has to work same on the browser so you can read on the server. And browsers are all different.

You miss understood me. bcrypt works the same on different OSes, but it apparently uses different packages on different OSes. This poses a problem for me as I'm developing projects on a Mac and use Docker images (which are based on Linux) to run them. The Docker image virtualizes the output directory on the Mac as the Node root. And in this case bcrypt fails. To continue using bcrypt, I'd have to install the bcrypt package on the image, which becomes a huge hassle, as I'd have to instal all the remaining Node packages onto the image, and every time I change the packages, I'd have to redo it on the image.

@github-actions GitHub Actions
Copy link

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in one week if no further activity occurs. Thank you for your contributions!

@github-actions github-actions bot added the stale label Feb 24, 2025
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yeegr @JBallin @cekvenich