I have the following code in my test.js file:
const bcrypt = require("bcrypt");
const { performance } = require("perf_hooks");
let hash = "$2b$20$v38KOyF2WSaJI/wcxSKN6u1iyvjfOu.Tjs3QHKCW2O4nCt0rTUgMu";
let password = "7!E:J|8yvGw$v]xXfKngkUAw3]EQ?B";
async function checkPassword() {
let t = performance.now();
if (await bcrypt.compare(password, hash)) {
console.log("Passed! ", performance.now() - t);
} else {
console.log("Failed! ", performance.now() - t);
}
}
checkPassword();
Then I run node test.js
The outputs I'm getting are:
Passed! 59178.30090880394 < for a correct password
Failed! 59386.33465099335 < for an incorrect password
That is nearly a minute for a basic check! Is this the expected result?
My package.json is using:
"dependencies": {
"bcrypt": "^5.0.0",
...
I don't get any errors in the console, everything is completing correctly. The password I'm hashing is
7!E:J|8yvGw$v]xXfKngkUAw3]EQ?B
Is that just too long? I don't entirely understand how bcrypt works, in case that isn't obvious!
Here's your problem:
$2b$20$v38KOyF2WSaJI/wcxSKN6u1iyvjfOu.Tjs3QHKCW2O4nCt0rTUgMu
That means:
A cost factor of 12 takes about 250 ms on current hardware.
| Cost | Time |
|---|---|
| 12 | 250 ms |
| 13 | 500 ms |
| 14 | 1 s |
| 15 | 2 s |
| 16 | 4 s |
| 17 | 8 s |
| 18 | 16 s |
| 19 | 32 s |
| 20 | 54 s |
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With