Bcrypt on Cloudflare Workers
I originally sent this in #coding-help but I think this is a better channel...
How can I hash data using Bcrypt on Cloudflare Workers? (I'm using Wrangler CLI with NodeJS compatibility fyi)
I managed to do SHA-256 (with my own salting system by concatenating the salt to the password before hashing) using the NodeJS crypto.subtle module, which is provided by Cloudflare Workers with node compatibility.
I want the hashing to be more secure by using Bcrypt, but I don't know how I can do that on Cloudflare Workers
8 Replies
You can use https://www.npmjs.com/package/bcryptjs
npm: bcryptjs
Optimized bcrypt in plain JavaScript with zero dependencies. Compatible to 'bcrypt'. Latest version: 2.4.3, last published: 7 years ago. Start using bcryptjs in your project by running npm i bcryptjs. There are 3830 other projects in the npm registry using bcryptjs.
How about this? https://www.npmjs.com/package/argon2
npm: argon2
An Argon2 library for Node. Latest version: 0.40.3, last published: a month ago. Start using argon2 in your project by running npm i argon2. There are 347 other projects in the npm registry using argon2.
I've always heard Argon is safer than Bcrypt
But since I also heard that bcrypt has more support, I decided to ask about it for Cloudflare's workers
But now I know that it is possible to use it, I'm also curious about Argon
Besides usage with cloudflare workers, is it in general also a suitable package?
If Argon is not usable. How about the bcrypt package? Since it's updated more frequently I think bcrypt (without the js) is more secure https://www.npmjs.com/package/bcrypt
npm: bcrypt
A bcrypt library for NodeJS. Latest version: 5.1.1, last published: 10 months ago. Start using bcrypt in your project by running npm i bcrypt. There are 6902 other projects in the npm registry using bcrypt.
The bcryptjs package is a 100% JavaScript library that works in workers. The bcrypt one needs C++ so isn't available in workers
Oh okay
What about argon2?
Uhhh what about Argon?
I've only seen it as a WASM worker that you would have to call via a service binding
Oh I'm not sure how I'll do that
I guess bcrypt is secure enough for me
If password security gets advanced beyond bcrypt then I guess I'll switch to Argon
But for now, since I don't even know what service bindings are, I shouldn't play with Argon when I don't know if I'm setting it up correctly